Commit Graph

120 Commits

Author SHA1 Message Date
Marcus Nyeholt
7bcb180f27 BUG Director::test now calls RequestProcessor
This fixes https://github.com/silverstripe/silverstripe-framework/issues/2517
and provides some testing around the use of RequestProcessor in general.
2013-10-15 07:53:34 +11:00
Will Rossiter
63778550e5 FIX: Follow internal redirections for cli operations. 2013-09-16 20:11:28 +12:00
Ingo Schommer
9d764d6794 FIX Avoid infinite loops on ?isDev=1 and Deprecation class
If any of the functionality triggered by Director::isDev()
was causing deprecation errors, the system would go into
an infinite loop. Since the only way to cause this is the DB
checking functionality, we disable that for Deprecation.
Side effect of this change: You can't show deprecation notices
on a live site by forcing the session into dev mode.
2013-07-17 11:55:19 +02:00
Sam Minnée
ecf8f273c0 Merge pull request #2201 from hafriedlander/fix/session
Fixes to session, primarily around cookie_secure
2013-07-06 18:59:07 -07:00
Hamish Friedlander
d629d9422f FIX Session::$cookie_secure so Sessions still work via HTTP
Session::$cookie_secure adds the secure property to the session Set-Cookie
command, so that the browser wouldnt send it to the server over an unencrypted
link. However the server would still send the cookie to the browser
unencrypted. Also Sessions would stop working properly in HTTP,
but SilverStripe needs them for several things, such as form validation

This patch effectively causes HTTP and HTTPS requests to each have
their own session when cookie_secure is true. The two sessions are
independant from each other, so information set in the session via
HTTPS is safe from attacks on the session via HTTP, but parts
of the site that use HTTP and the session will still work
2013-07-07 09:12:10 +12:00
Hamish Friedlander
c6b4d993cc FIX Director::forceSSL and forceWWW not setting Vary header
If you have a Varnish box in front of a SilverStripe install, and
you call forceSSL, the Vary header wouldnt get sent. As a result
Varnish would respond with the same redirect reponse after the
redirect, leading to an infinite loop
2013-07-06 15:24:01 +12:00
Will Rossiter
1325d736a0 API: Add Director::is_https() 2013-05-10 22:31:38 +12:00
Fred Condo
f5c6285240 Anchor regex in Director#is_absolute_url()
- Anchor the regex to the beginning of the string
- Change the regex delimiter to reduce the amount of \ clutter
2013-05-03 16:07:25 -07:00
Ingo Schommer
7121fc3f85 FIX Config isolation in Director::test() 2013-04-07 23:59:10 +02:00
Andrew Short
1fc780ce2b API: Return a 404 error when no director rule is matched 2013-04-06 18:19:03 +11:00
Sean Harvey
6eda25a090 NEW Allow specifying the secure domain to Director::forceSSL() 2013-04-03 17:47:36 +13:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
bea1b9002d Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/HTTP.php
2013-02-26 13:28:35 +01:00
Sam Minnee
b2dfa77056 FIX: Ensure that Director::test() doesn't return a string 2013-02-25 16:27:44 +13:00
Ingo Schommer
0c6ac1960e Fixed whitespace usage 2013-02-18 15:43:52 +01:00
Ingo Schommer
14a56c18e9 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/Director.php
2013-02-07 21:45:16 +01:00
Ingo Schommer
d77e06d585 Merge pull request #1123 from chillu/pulls/revert-content-length
API Remove Content-Length setting from HTTPResponse (fixes #8010)
2013-01-31 10:19:17 -08:00
Ingo Schommer
634c91c6ff Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	email/Mailer.php
2013-01-30 12:46:24 +01:00
Sam Minnee
f72c77e984 MINOR: Fixed a glitch that causes warnings in cli-script execution. 2013-01-29 18:03:48 +01:00
Ingo Schommer
c69381c33e API Remove Content-Length setting from HTTPResponse (fixes #8010)
This reverts commit 356a367eb5.
We can't use headers_sent() to determine an accurate
content length, since PHP defaults to buffering a couple of bytes
even without ob_start() (see "output_buffering" setting).
This makes the patch harmful, since it breaks any responses relying
on more structure data, like removing closing brackets from JSON.
Which in turn breaks the CMS in horrible ways (see #8010).
See #7574 for context.
2013-01-23 15:05:33 +01:00
Ingo Schommer
f03ad7b0dd Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/javascript/LeftAndMain.AddForm.js
	control/Director.php
	control/HTTPResponse.php
	dev/Profiler.php
	email/Mailer.php
	forms/ComplexTableField.php
	forms/ManyManyComplexTableField.php
	forms/SimpleImageField.php
	forms/TableField.php
	forms/TableListField.php
	javascript/ComplexTableField.js
	javascript/ImageFormAction.js
	javascript/TableField.js
	javascript/TableListField.js
	security/Member.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
	tests/forms/TableListFieldTest.php
2012-12-12 10:11:56 +01:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Sean Harvey
6a868e79e1 Removing deprecated prototype/behaviour libraries 2012-11-16 11:37:56 +13:00
Sean Harvey
491057fa95 Remove deprecated Director dev/test server functions
Use SS_ENVIRONMENT_TYPE in your _ss_environment.php file, or
Director::set_environment_type()
2012-11-15 14:43:13 +13:00
Sean Harvey
66d8ff95de Remove deprecated Director static functions
Director::redirect() -> Controller->redirect()
Director::redirect_to() -> Controller->redirectedTo()
Director::set_status_code() -> Controller->getResponse()->setStatusCode()
Director::get_status_code() -> Controller->getResponse()->getStatusCode()
Director::redirectBack() -> Controller->redirectBack()
2012-11-15 14:43:13 +13:00
Sean Harvey
de0ade9636 Remove deprecated Director::urlParam() and Director::urlParams()
Use the methods param() and params() on SS_HTTPRequest instead.
2012-11-15 14:43:12 +13:00
Ingo Schommer
56f7ce1dcf Merge remote-tracking branch 'origin/3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	control/HTTPResponse.php
	model/Database.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	view/Requirements.php
	view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
356a367eb5 BUG Setting response length directly before output (fixes #7574)
Complying to HTTP1.1/RFC2616 in terms of when to
set 'Content-Length' in the first place
2012-09-29 17:24:33 +02:00
Simon Welsh
1e629f4585 Merge branch '3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	dev/Profiler.php
	view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Ingo Schommer
1088d044c5 Merge remote-tracking branch 'origin/3.0'
Conflicts:
	.travis.yml
2012-09-07 17:21:41 +02:00
Damian Mooyman
c2a8eec43c APICHANGE: Changed behaviour of HTTP_Request::params to include route table params (as per 2.4 behaviour, see FIX: below).
ADDED: HTTP_Request::params() to retrieve all (shifted) params used in the request
FIXED: Issue where route-table level arguments would not be accessible without using non-deprecated API.
ADDED: Test case to test the above items
UPDATED: Extended Director::test to allow for the retrieval of the request object
UPDATED: Deprecated notice on Director::urlParam and Director::urlParams
REMOVED: Unused variable
FIXED: Coding convention conformity
2012-08-27 10:56:59 +12:00
Ingo Schommer
5a2247a440 Merge pull request #589 from simonwelsh/absolute_url
FIX Director::is_absolute_url() now ignores query string
2012-08-16 11:50:29 -07:00
Ingo Schommer
3ae8b0b665 Merge remote-tracking branch 'origin/3.0' 2012-07-18 15:00:06 +02:00
Ingo Schommer
712f28bc78 Scoped deprecation messages (fixes #7645) 2012-07-13 11:37:35 +02:00
Ingo Schommer
e00c87541e Merge pull request #618 from chillu/pull/deprecate-profiler
API Deprecated Profiler class, removed related debug GET params
2012-07-05 13:43:37 -07:00
Ingo Schommer
0fe515e182 API Deprecated Profiler class, removed related debug GET params
Use third party tools like XHProf instead.
Removed defunct or unnecessary debug GET parameters:
debug_profile, debug_memory, profile_trace, debug_javascript, debug_behaviour
2012-07-05 12:02:06 +02:00
Tim Klein
a67b964267 FIX: improve Director::makeRelative() to ignore SSL changes.
See http://open.silverstripe.org/ticket/6672. Expanded on initial patch with test coverage. Fixes another one of the commented out cases in the test by picking up URL's which do not include a protocol.
2012-07-01 22:08:09 +12:00
Simon Welsh
e0505406a7 FIX Director::is_absolute_url() now ignores query and fragment strings
Director::is_absolute_url() checks for //. It used to include the
entire URI, now it ignores the query and fragment strings.
2012-06-30 23:48:43 +12:00
Sean Harvey
f7f67d90a5 API CHANGE Static functions Director::redirect(), Director::redirectBack(),
Director::set_status_code(), Director::get_status_code() and
Director::redirected_to() are now deprecated. Use Controller->redirect(),
Controller->redirectBack(), Controller->getResponse()->setStatusCode(),
Controller->getResponse()->getStatusCode() and
Controller->redirectedTo() respectively.
2012-05-23 21:48:06 +12:00
Hamish Friedlander
94f50f554e API CHANGE: Changes to make Director rules set through the new config system. Includes the addition of a new AdminRootController to take over handling of routing /admin/* routes to the correct LeftAndMain panel. 2012-05-19 14:37:32 +12:00
Marcus Nyeholt
b269badfbe FEATURE: Added dependency injector for managing creation of new objects and their dependencies.
API CHANGE: Pass Object::create() calls to Injector::create().
API CHANGE: Add "RequestProcessor" injection point in Director, that Director will call preRequest() and postRequest() on.
2012-05-18 12:39:57 +12:00
Simon Welsh
3f3e34a109 BUGFIX: Director::protocol() was returning https when $_SERVER['HTTPS'] was an empty value. 2012-05-13 20:44:16 +12:00
Ingo Schommer
d5b3dbc6fb SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Ingo Schommer
68051fdb96 Merge pull request #371 from halkyon/sapphire
---

Dont start the session until its actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
f63d137d49 ENHANCEMENT Session::start() now only called when there is changed
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Ingo Schommer
a44b67bae2 API CHANGE Moved RequestHandler->isAjax() to SS_HTTPRequest->isAjax() 2012-04-05 23:00:22 +02:00
Gareth Foster
21d52d3852 BUGFIX #7018 This stops an infinite loop when Depreciation::notice is called from set_dev_servers(). This doesn't stop people from setting $dev_servers directly (not that it is used in the core code anywhere). 2012-03-24 15:57:49 +13:00
Mark Stephens
627708e3a8 BUGFIX: add Director::isDev parameter so we can test if we know we're dev mode already without touching the database. Used in showqueries on MySQL, so that errors are avoided when showing queries on initial switch to dev move (#6856) 2012-03-09 14:20:22 +13:00
Hamish Friedlander
374ed19406 API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic 2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08 APICHANGE: Rename getExposedVariables to match coding conventions 2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717 API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData 2012-03-06 09:11:46 +13:00
AngryPHPNerd
0e2cbb0b88 Replace ereg with preg_* 2012-02-27 22:14:02 +01:00
Ingo Schommer
5ab007db21 MINOR Removed apache_request_headers() usage in Director::direct(), it causes inconsistencies in capitalisation over the default method (inspecting $_SERVER) 2012-02-14 13:53:35 +01:00
Sam Minnee
2648411829 ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. 2012-02-03 09:49:37 +13:00
simonwelsh
7179f04682 API CHANGE: Deprecate Director::set_dev_servers() and Director::set_test_servers() in favour of Director::set_environment_type() or an _ss_environment.php file. 2012-01-01 22:09:41 +13:00
Simon Welsh
dd546a9888 BUGFIX Merge request arrays recursively 2011-12-23 17:48:49 +13:00
Sam Minnee
e5afa25522 MINOR: Use Deprecation class to indicate deprecated methods in core. 2011-10-29 17:34:31 +13:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Ingo Schommer
2651a1ba81 MINOR Marking Director::extract_request_headers() public because we can't unit test protected methods in PHP 5.2 2011-09-19 16:01:33 +02:00
ajshort
a60f03f28e ENHANCEMENT Sapphire Doesn't Read HTTP Headers (fixes #6311) 2011-09-19 14:49:55 +02:00
Ingo Schommer
ce8e72cf0e MINOR Removing executable flag from all files (thanks miiihi) 2011-09-18 22:04:02 +02:00
Sam Minnee
878b348a0f Merge branch 'master' into new-orm
Conflicts:
	docs/en/reference/built-in-page-controls.md
	model/SQLQuery.php
2011-05-26 17:08:10 +12:00
Ingo Schommer
4bd97cfd79 API CHANGE Removed Director::get_site_mode() and set_site_mode(), functionality no longer required
API CHANGE Removed Director::add_callback(), use custom extension on controller instead
API CHANGE Removed Director::currentPage(), use get_current_page() instead
2011-05-01 20:23:06 +12:00
Sam Minnee
7fbb919ce8 API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model an all DataObjects, Controllers, and RequestHandlers for easy non-static access.
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
Ingo Schommer
9b29616710 API CHANGE Rearranged files in sapphire to reflect core dependencies more accurately, and have the tests/ folder mirror its folder structure 2011-03-31 09:56:21 +13:00