Commit Graph

787 Commits

Author SHA1 Message Date
Sam Minnée
f6fbd78cd9 Merge pull request #1786 from colymba/3.0-htaccess-fix
vendor folder is blocked only if outside themes
2013-05-24 23:50:41 -07:00
Daniel Hensby
9a6a6ec75d Arbitrary placement of _ss_environment.php in parent folders
Removes hardcoding to three levels
2013-05-14 13:39:43 +02:00
Ingo Schommer
ced199b877 Direct writing of "Security.token" through dev/generatesecuretoken 2013-05-09 10:31:49 +02:00
Fred Condo
68cf2f5db7 Use the correct variable as the key into $record
It was using $fieldName, which is the CSV field name, not the database
field name. This prevents duplicate detection from working. It now
properly uses $SQL_fieldName
2013-04-29 17:25:16 -07:00
colymba
41c0f8080e FIX Only block root vendor folder
Use RewriteRule instead to take in account any subfolder via RewriteBase. Deny ss-cache and composer via RewriteRule too.
2013-04-27 16:03:35 +03:00
Ingo Schommer
9a52dae207 Removed LOLCAT locale from installer (fixes #1457) 2013-04-04 11:18:40 +02:00
Sean Harvey
a99c829ed1 Ensure composer files aren't accessible using IIS 2013-04-03 15:59:14 +13:00
Ingo Schommer
99ca0471f7 Merge remote-tracking branch 'origin/2.4' into 3.0
Conflicts:
	control/RequestHandler.php
	core/control/ContentController.php
	dev/CsvBulkLoader.php
	docs/en/changelogs/index.md
	docs/en/reference/execution-pipeline.md
	docs/en/topics/commandline.md
	docs/en/topics/controller.md
	docs/en/topics/form-validation.md
	docs/en/topics/forms.md
	docs/en/topics/security.md
	model/MySQLDatabase.php
	security/Security.php
	tests/control/ControllerTest.php
	tests/control/RequestHandlingTest.php
2013-03-19 13:56:04 +01:00
Stephen Shkardoon
143317cc86 BUG SQL Injection in CsvBulkLoader (fixes #6227)
Diff should speak for itself, looks like this will have to be implemented in all supported branches.
2013-03-20 00:45:05 +13:00
Ingo Schommer
0c6ac1960e Fixed whitespace usage 2013-02-18 15:43:52 +01:00
Ingo Schommer
92458d9f43 Fixed line lengths 2013-02-18 14:41:49 +01:00
Ingo Schommer
ede381326b BUG Secure composer files from web access (fixes #8011)
Already applied to root .htaccess, but required for dynamically
generated file from installer as well. Also added upgrade instructions.
2013-02-17 22:33:04 +01:00
Sam Minnee
b43bf68f9c MINOR: Minor fixes to FunctionalTest 2013-01-29 18:03:48 +01:00
Sam Minnee
6fcbad1a31 BUGFIX: Updated SilverStripe error handler so that log_errors still works. 2013-01-29 18:03:48 +01:00
Sam Minnee
d8bfc0bb48 API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself. 2013-01-29 18:03:47 +01:00
Sam Minnee
b7a1db7ce3 FIX: Set up the test mailer before loading the fixture, in case fixture-creation causes emails to be generated. 2013-01-29 18:03:45 +01:00
Sam Minnee
5e6f5f9f7e NEW: Allow configuration of send_all_emails_to, ccs_all_emails_to, and bcc_all_emails_to via the config system. 2013-01-29 18:03:27 +01:00
Hamish Friedlander
bec5ae1886 Include code to block yaml files in installer generated .htaccess 2013-01-29 14:20:12 +13:00
Damian Mooyman
f5749795a1 BUG Exception handling and email notification mechanism now correctly considers the stacktrace as provided by the exceptionHandler function, instead of attempting to perform a debug_backtrace further down the reporting chain (which ends up generating an unnecessarily nested stacktrace). Debug was cleaned up so that errorHandler and exceptionHandler both act consistently. As a result, the LogErrorEmailFormatter class could be simplified.
This was required to fix a bug in which exceptions would not have a visible stacktrace when handled by the email logger.
2013-01-24 09:36:42 +01:00
Hamish Friedlander
45eb0f99f7 FIX PHPUnit latest not working with composer installed builds
When using composer, we must rely on the composer autoloader to
load in PHPUnit and not try do to so ourselves, as the old
PHPUnit\Autoload.php file doesnt understand how to find things
in vendor
2013-01-23 14:30:08 +13:00
Ingo Schommer
e8bfc241fd Setting SapphireTest::is_running_test() in PHPUnit bootstrap
Otherwise conditional logic will only succeed
when run through "sake dev/tests", not when
run through phpunit directly (which is the recommended way now)
2013-01-09 23:31:10 +01:00
Sean Harvey
b63e55a77a Merge pull request #993 from halkyon/htaccess_fix
Fixing .htaccess to ignore rewriting PHP files directly
2013-01-06 17:24:49 -08:00
Ingo Schommer
6bcffd66ad Merge pull request #1063 from drzax/log-file-formatter-fix
BUGFIX Ensure  has length before using string index access.
2012-12-20 10:19:03 -08:00
Ingo Schommer
9ffd25225e Don't complain about pre-replaced YAML fixture relations 2012-12-20 12:46:56 +01:00
Simon Elvery
1a4eaaaf04 BUGFIX Ensure has length before using string index access. 2012-12-20 12:27:09 +10:00
Ingo Schommer
e8f3e7b36e Only reset test state in SapphireTest if its previously been set
That's not the case e.g. if the *first* test in a suite
is skipped, so setUp() is never executed completely.
2012-12-17 11:44:08 +01:00
Ingo Schommer
f41f307118 Fixed spacing 2012-12-14 00:09:30 +01:00
Ingo Schommer
c6b1d4aa6b API Storing alternative DB name in cookie rather than session
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.

Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.

Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
2012-12-13 23:21:48 +01:00
Sam Minnée
b618909220 Merge pull request #1007 from simonwelsh/indent-sniff
Add codesniffer that ensures indentation is with tabs
2012-12-11 20:46:47 -08:00
Ingo Schommer
e8fbfc0bd1 NEW FixtureFactory separated out from YamlFixture
Enables more generic use of the fixture facilities
without dependency on the YAML format, for example
when creating fixtures from Behat step definitions.

Note: The YamlFixture class needs to be created via
Injector::inst()->create('YamlFixture') now,
direct instantiation is no longer supported.
2012-12-11 17:06:27 +01:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
3be9499c3a Fixed HTML syntax in config-form.html 2012-12-04 17:27:05 +01:00
Ingo Schommer
d1e65b5657 Support for composer-created themes dir structure
Due to git limitations, we can't check out the blackcandy
"parent" theme into themes/blackcandy/ directly, since that
would require sharing paths with git repositories of other themes.
2012-12-04 17:21:53 +01:00
Sean Harvey
449cce95a7 Fixing .htaccess to ignore rewriting PHP files directly 2012-12-04 14:36:59 +13:00
Ingo Schommer
aa72425e84 Fixed PHPUnit assertions for incomplete tests in core
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
2012-11-23 15:16:39 +01:00
Ingo Schommer
453d04e4ba BUG Reset DataObject caches in SapphireTest->resetDBSchema()
This became a problem with fdcd7a2e where $custom_database_fields
were cached, but never reset. It lead to extensions not applying
correctly in SapphireTest->setUpOnce().
2012-11-23 11:14:02 +01:00
Ingo Schommer
a3cd7ddc09 BUG Force SapphireTest schema reset for extension changes
Previously changes to $requiredExtensions and $illegalExtensions
didn't cause a reset unless there was also other schema-altering
settings like $extensionsToRemove or $extraDataObjects
2012-11-23 11:12:03 +01:00
Damian Mooyman
0d7816b55d BUG Fixed issue with Deprecation failing to extract the module from a stacktrace, especially on non-unix systems
API Added Convert::nl2os function to normalise end of line characters across systems with tests
BUG Fixed i18n unit tests in non-unix systems constantly failing
BUG Fixed problems with HTMLCleaner tests failing in non-unix systems
2012-10-17 11:57:16 +13:00
Simon Welsh
4ff8cff262 Minor PHP5.4 fixes
Explictly excludes E_STRICT from live error level and handle arrays in a backtrace
output, rather than trying to convert to string.
2012-10-16 23:37:30 +13:00
Ingo Schommer
392543bde3 BUGFIX Don't' set 'Referer' header in FunctionalTest->get()/post() if its explicitly passed to the method 2012-10-16 10:17:10 +02:00
Sean Harvey
9bb190813f Fixing BulkLoader to use increase_time_limit_to() 2012-10-11 17:12:27 +13:00
Normann Lou
9aaa6b1a7b ENHANCEMENT: change those harded-coded 'sapphire' to 'framework' either in javascript code or inline document, or a <a> href propty. 2012-10-05 17:00:39 +13:00
Simon Elvery
de36063d15 ENHANCEMENT Make it possible to extend SS_Log
Using late static binding makes it possible to override SS_Log to create
logs which are separate to the main Silverstripe log but still use the
built in functionality.

Add test for SS_Log subclassing.
2012-10-04 16:34:20 +10:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Simon Welsh
d0153f32cf Write the test before ending it, so it still exists.
Also, switches to a constant instead of hardcoding the value.
2012-09-19 21:41:34 +12:00
Damian Mooyman
69d888b5d1 FIXED: Issue with test reporting not correctly presenting errors that prevent test execution.
In the case of errors arising during setUp or setUpOnce a unit test will fail to run any individual tests. However, this situation was incorrectly being reported as a test pass (as no tests were run, thus no tests had errors). E.g. the output of a test run that raised an error during setUp would be "0 tests run: 0 passes, 0 failures, and 0 incomplete" with a green background.

To rectify this the following fixes were made:
- Non-cleanly ended tests and test suites are now automatically ended at the end of the test run, as well as at the beginning of subsequent test/suites. This should make catching of errors a lot more robust.
- Errors raised during setup are now no longer lost to the mist of time. The test suite itself will record any error status which was generated outside the scope of any individual tests.
- An additional "errors" count is added to the output at the end of test running. For example, in the case where setup failed and no tests could be run the error would be written to the browser (along with stacktrace) with a message similar to "0 tests run: 0 passes, 0 failures, and 0 incomplete with 1 errors". The intent of this is to separate the concepts of failed/succeeded/incomplete tests from any errors which may have arisen. I.e. no tests "failed" due to the error, but the test run itself is highlighted as an error (red background on the output).

This problem has been a severe cause of issue when testing code that interacts with the database, as any database error during setup would refuse to be shown.
2012-09-19 12:25:58 +12:00
Andrew O'Neil
3fd4f7e855 BUGFIX: Fix loading of fixtures not specified in $fixtures array 2012-09-05 14:26:43 +12:00
Saophalkun Ponlu
60987acbdb Various minor visual enhancements for Sapphire test report 2012-09-01 11:58:52 +12:00
Naomi Guyer
69182c21ce BUG: Installer implies empty template used in tutorial
Have reworded the template options so that installers know that the
simple template is used for the tutorial
2012-08-22 13:42:53 +12:00