Ingo Schommer
d5b3dbc6fb
SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Ingo Schommer
68051fdb96
Merge pull request #371 from halkyon/sapphire
---
Don't start the session until it's actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
f63d137d49
ENHANCEMENT Session::start() now only called when there is changed
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251
API-CHANGE sapphire folder can now be renamed.
2012-04-15 10:50:19 +12:00
Ingo Schommer
a44b67bae2
API CHANGE Moved RequestHandler->isAjax() to SS_HTTPRequest->isAjax()
2012-04-05 23:00:22 +02:00
Gareth Foster
21d52d3852
BUGFIX #7018 This stops an infinite loop when Depreciation::notice is called from set_dev_servers(). This doesn't stop people from setting $dev_servers directly (not that it is used in the core code anywhere).
2012-03-24 15:57:49 +13:00
Mark Stephens
627708e3a8
BUGFIX: add Director::isDev parameter so we can test if we know we're dev mode already without touching the database. Used in showqueries on MySQL, so that errors are avoided when showing queries on initial switch to dev mode (#6856)
2012-03-09 14:20:22 +13:00
Hamish Friedlander
374ed19406
API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic
2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08
APICHANGE: Rename getExposedVariables to match coding conventions
2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717
API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData
2012-03-06 09:11:46 +13:00
AngryPHPNerd
0e2cbb0b88
Replace ereg with preg_*
2012-02-27 22:14:02 +01:00
Ingo Schommer
5ab007db21
MINOR Removed apache_request_headers() usage in Director::direct(), it causes inconsistencies in capitalisation over the default method (inspecting $_SERVER)
2012-02-14 13:53:35 +01:00
Sam Minnee
2648411829
ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header.
2012-02-03 09:49:37 +13:00
simonwelsh
7179f04682
API CHANGE: Deprecate Director::set_dev_servers() and Director::set_test_servers() in favour of Director::set_environment_type() or an _ss_environment.php file.
2012-01-01 22:09:41 +13:00
Simon Welsh
dd546a9888
BUGFIX Merge request arrays recursively
2011-12-23 17:48:49 +13:00
Sam Minnee
e5afa25522
MINOR: Use Deprecation class to indicate deprecated methods in core.
2011-10-29 17:34:31 +13:00
Will Rossiter
1732a17114
Merged new-orm into datagrid
2011-09-26 16:47:54 +13:00
Ingo Schommer
2651a1ba81
MINOR Marking Director::extract_request_headers() public because we can't unit test protected methods in PHP 5.2
2011-09-19 16:01:33 +02:00
ajshort
a60f03f28e
ENHANCEMENT Sapphire Doesn't Read HTTP Headers (fixes #6311)
2011-09-19 14:49:55 +02:00
Ingo Schommer
ce8e72cf0e
MINOR Removing executable flag from all files (thanks miiihi)
2011-09-18 22:04:02 +02:00
Sam Minnee
878b348a0f
Merge branch 'master' into new-orm
Conflicts:
docs/en/reference/built-in-page-controls.md
model/SQLQuery.php
2011-05-26 17:08:10 +12:00
Ingo Schommer
4bd97cfd79
API CHANGE Removed Director::get_site_mode() and set_site_mode(), functionality no longer required
API CHANGE Removed Director::add_callback(), use custom extension on controller instead
API CHANGE Removed Director::currentPage(), use get_current_page() instead
2011-05-01 20:23:06 +12:00
Sam Minnee
7fbb919ce8
API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model an all DataObjects, Controllers, and RequestHandlers for easy non-static access.
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
Ingo Schommer
9b29616710
API CHANGE Rearranged files in sapphire to reflect core dependencies more accurately, and have the tests/ folder mirror its folder structure
2011-03-31 09:56:21 +13:00