Commit Graph

3074 Commits

Author SHA1 Message Date
Ingo Schommer
faa94d51d5 [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-24 11:33:54 +13:00
Damian Mooyman
e07f80014c Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	lang/cs.yml
	lang/sk.yml
2015-11-03 11:10:46 +13:00
Damian Mooyman
2813f94124 BUG Ensure that filters on any fixed field are scoped to the base data table
Fixes #4700
2015-10-30 16:26:14 +13:00
Damian Mooyman
e64d73c1f7 BUG Fix ClassInfo::table_for_object_field 2015-09-17 18:31:46 +12:00
Damian Mooyman
843e54509a Merge pull request #4475 from JeroenDeDauw/rm-unused-vars
Remove unused local vars
2015-09-01 11:42:16 +12:00
Damian Mooyman
4a011303b9 Add missing packages 2015-08-24 16:15:38 +12:00
Damian Mooyman
1686c83826 Revert #3425 #3396 to restore deprecated functionality
Fixes #4514
2015-08-24 11:26:25 +12:00
Daniel Hensby
a8ab5a468d Merge branch '3.1' into 3.2
Conflicts:
	admin/code/LeftAndMain.php
	composer.json
2015-08-17 11:43:28 +01:00
Daniel Hensby
910156b84c Merge pull request #4443 from JorisDebonnet/base64url
Url-safe alternative for base64_encode in resampled Image filenames
2015-08-10 13:56:35 +01:00
Sam Minnee
1f0602d42f FIX: Fixed regression from ClassInfo case-sensitivity fix.
This fixes a bug introduced by ffbeac6b7d.
ClassInfo::subclassesFor() didn't previously throw an Exception if passed
an invalid class; it just returned no values. This will annoy minor-release
upgrades, and so I've made it return null instead in these situation.
2015-08-07 14:20:01 +12:00
JorisDebonnet
18e163d985 Url-safe alternative for base64_encode in resampled Image filenames 2015-08-05 20:59:40 +02:00
Loz Calver
687de33d0d Ensure ClassInfo is backwards compatible with non-existant classes 2015-08-04 15:07:07 +01:00
jeroendedauw
320c717358 Remove unused local vars 2015-08-03 20:42:43 +02:00
Damian Mooyman
7ee444e08a Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	admin/code/LeftAndMain.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	filesystem/File.php
	model/DataObject.php
	model/DataQuery.php
	search/filters/FulltextFilter.php
	search/filters/SearchFilter.php
	tests/core/ClassInfoTest.php
	tests/filesystem/FileTest.php
	tests/model/DataListTest.php
2015-07-31 11:38:18 +12:00
Daniel Hensby
ffbeac6b7d Ensuring classinfo is case insensitive 2015-07-28 11:17:50 +01:00
Simon Erkelens
1831947157 Declare the global mapping
Fix for  #4426
2015-07-23 20:52:09 +02:00
Daniel Hensby
ca8d0f2818 Merge branch '3.1' into 3.2
Conflicts:
	dev/Debug.php
	docs/en/05_Contributing/01_Code.md
	forms/FormField.php
	i18n/i18nTextCollector.php
	model/DataQuery.php
2015-07-20 10:48:01 +01:00
Damian Mooyman
5ace4905c9 BUG Fix issue when SS_ALLOWED_HOSTS is run in CLI 2015-07-08 11:01:06 +12:00
Daniel Hensby
66391ab57a FIX Imported namespaces now correctly used to determine class inheritance
Fixes #3707
2015-06-20 16:09:10 +01:00
Damian Mooyman
e14f743bf0 Set deprecation level for all changes in 3.x to 4.0 2015-06-19 13:07:41 +12:00
Daniel Hensby
eaec2ad9a8 Safe unnesting of Config and Injector 2015-06-15 00:23:40 +01:00
Damian Mooyman
8331171f2c Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	.scrutinizer.yml
	admin/javascript/LeftAndMain.Panel.js
	core/startup/ParameterConfirmationToken.php
	dev/Debug.php
	dev/FixtureBlueprint.php
	docs/en/00_Getting_Started/05_Coding_Conventions.md
	docs/en/00_Getting_Started/index.md
	docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
	filesystem/File.php
	filesystem/Folder.php
	forms/FieldList.php
	forms/LabelField.php
	forms/MoneyField.php
	forms/TextField.php
	forms/TreeDropdownField.php
	forms/Validator.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldExportButton.php
	lang/de.yml
	lang/fi.yml
	model/DataObject.php
	model/SQLQuery.php
	parsers/ShortcodeParser.php
	security/ChangePasswordForm.php
	security/Security.php
	tests/control/DirectorTest.php
	tests/core/startup/ParameterConfirmationTokenTest.php
	tests/dev/FixtureBlueprintTest.php
	tests/forms/FieldListTest.php
	tests/forms/MoneyFieldTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
0319f7855b FIX Incorrect env setting in 3.1.13 2015-06-02 12:27:08 +12:00
Marcus Nyeholt
9c8fa51321 FIX Allow users to specify allowed hosts
Allow users to explicitly state which Hosts are allowed to be requested via
this application instance to avoid Host: header forgery attacks.
2015-05-28 15:58:39 +10:00
Damian Mooyman
a978b891e1 BUG Fix handling of empty parameter token 2015-05-28 10:13:10 +12:00
Damian Mooyman
75137dbab2 Ensure only trusted proxy servers have control over certain HTTP headers 2015-05-28 10:12:46 +12:00
Stevie Mayhew
0d94cf15a5 UPDATE: change all instances of $this->request to use appropriate getter/setter 2015-04-30 11:04:08 +12:00
Damian Mooyman
43f49e8434 Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	admin/code/ModelAdmin.php
	control/Director.php
	model/SQLQuery.php
	security/Member.php
	tests/control/HTTPTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
	tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Damian Mooyman
7f983c2bae BUG Fix SS-2014-017 2015-03-20 18:27:30 +13:00
Damian Mooyman
db54125262 Deprecate stripslashes_recursively and magic quotes
This code is removed from 4.0
2015-03-14 21:24:11 +13:00
Damian Mooyman
319b96b48b Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
	docs/en/05_Contributing/01_Code.md
	forms/TreeDropdownField.php
	model/DataObject.php
	security/Member.php
	tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00
Daniel Hensby
ef818b3b7b Merge pull request #3970 from tractorcow/pulls/3.2/api-zero-pagination
API enable PaginatedList to be disabled by setting page length to 0
2015-03-09 11:28:36 +00:00
Loz Calver
93dca9aabd Merge pull request #3934 from dhensby/pulls/cofig-lru-fix
Change the LRU cache to a simple in-memory model
2015-03-09 09:31:04 +00:00
Simon Welsh
1d135552cf Change the LRU cache to a simple in-memory model
Slight memory increase when there are lots of additions for much better performance in every case.
2015-03-09 02:01:24 +00:00
Damian Mooyman
9367fd2456 API enable PaginatedList to be disabled by setting page length to 0 2015-03-05 12:07:14 +13:00
micmania1
6e0afd5b3c FIX Prevent unnecessary call to config system which doesn't exist yet
By passing the Config instantiation through the Injector and service configuration we're unnecessarily calling Config::inst()->get() on a config system which doesn't yet exist.

More specifically it calls Config::inst()->get('Config', 'dependencies') here: 4ae0d90c55/control/injector/Injector.php (L660) which in turn calls Config::inst()->get('Config', 'extensions').

This jumps through hoops trying to find the cached config for this class using the current Config_LRU class. When it doesn't find it, it then tries to look through the manifests which don't get created or brought from cache until later on in Core.php. Eventually this returns null for both Config::inst()->get() calls.

I ran a quick performance test before and after on an ec2 t2.micro box using siege (concurrency 5, 10 repetitions) and saved 400ms on average response times on a default installation - it would be awesome if somebody could confirm this is actually the case?
2015-03-03 11:35:26 +00:00
Daniel Hensby
bee642a6b9 FIX make class loader classExists check interface_exists as per docs 2015-03-03 00:22:15 +00:00
Will Rossiter
ddec797c1c Correct PHPDoc for classExists (Fixes #3904)
classExists() doesn't check for interfaces, comment shouldn't say it does.
2015-03-02 20:15:26 +13:00
Damian Mooyman
dff65867cc Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	control/HTTP.php
	control/HTTPResponse.php
	docs/en/05_Contributing/01_Code.md
	forms/CompositeField.php
	forms/FormAction.php
	forms/FormField.php
	forms/InlineFormAction.php
	forms/NumericField.php
	forms/TreeDropdownField.php
	forms/TreeMultiselectField.php
	templates/forms/TreeDropdownField.ss
	tests/core/CoreTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Zauberfisch
aa77e126c7 Fixed infinity loop when searching _ss_environment 2015-02-17 04:33:40 +00:00
zauberfisch
eb98b003b7 Fixed looking for _ss_environment.php in root dir and removed redundant code 2015-02-13 23:30:29 +00:00
JorisDebonnet
047fe3a410 BUG Include php version in default cache folder name
Update CoreTest.php
2015-02-12 17:29:45 +13:00
Loz Calver
eed709384d FIX: dev/build not flushing manifests if site is in a subfolder 2015-02-11 19:59:22 +00:00
Damian Mooyman
88fdc75456 Merge remote-tracking branch 'composer/3.1' into 3
Conflicts:
	.editorconfig
	docs/en/00_Getting_Started/00_Server_Requirements.md
	docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_IIS7.md
	docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_Platform_Installer.md
	docs/en/00_Getting_Started/04_Directory_Structure.md
	docs/en/00_Getting_Started/index.md
	docs/en/01_Tutorials/01_Building_A_Basic_Site.md
	docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
	docs/en/01_Tutorials/03_Forms.md
	docs/en/01_Tutorials/04_Site_Search.md
	docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
	docs/en/01_Tutorials/index.md
	docs/en/02_Developer_Guides/00_Model/01_Data_Model_and_ORM.md
	docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md
	docs/en/02_Developer_Guides/01_Templates/06_Themes.md
	docs/en/02_Developer_Guides/03_Forms/How_Tos/Simple_Contact_Form.md
	docs/en/02_Developer_Guides/05_Extending/05_Injector.md
	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
	docs/en/02_Developer_Guides/10_Email/index.md
	docs/en/02_Developer_Guides/11_Integration/01_RestfulService.md
	docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
	docs/en/02_Developer_Guides/14_Files/index.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/03_CMS_Layout.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Tree.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_Site_Reports.md
	docs/en/02_Developer_Guides/18_Cookies_And_Sessions/01_Cookies.md
	docs/en/04_Changelogs/3.1.9.md
	docs/en/05_Contributing/00_Issues_and_Bugs.md
	docs/en/05_Contributing/02_Release_Process.md
	docs/en/05_Contributing/03_Documentation.md
	filesystem/File.php
	filesystem/GD.php
	model/DataDifferencer.php
	model/Versioned.php
	security/BasicAuth.php
	security/Member.php
	tests/filesystem/FileTest.php
	tests/forms/uploadfield/UploadFieldTest.php
	tests/model/VersionedTest.php
	tests/security/BasicAuthTest.php
2015-01-15 18:52:46 +13:00
Damian Mooyman
19549d620f Moved deprecation of SQLQuery to 4.0 2014-12-04 09:30:50 +13:00
Jonathon Menz
01989aac4e FIX: Manifest flushing
Fixes silverstripe/silverstripe-framework#2325
Fixes silverstripe/silverstripe-framework#3093

Static manifest was not being flushed during a dev/build on some environments (without ?flush in URL) and template manifest was never being flushed during a dev/build.
2014-11-26 10:15:09 +10:30
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
0a04e2e77b Merge pull request #3484 from dnadesign/object_has_extension_fix
fixed and tested object has_extension
2014-10-24 17:20:00 +13:00
John Milmine
62658a6cca fixed and tested object has_extension 2014-10-24 16:58:50 +13:00
Damian Mooyman
db0cad4616 BUG ErrorControlChain now supports exception handling 2014-09-26 16:54:34 +12:00