Commit Graph

364 Commits

Author SHA1 Message Date
Sam Minnée
ecf8f273c0 Merge pull request #2201 from hafriedlander/fix/session
Fixes to session, primarily around cookie_secure
2013-07-06 18:59:07 -07:00
Hamish Friedlander
d629d9422f FIX Session::$cookie_secure so Sessions still work via HTTP
Session::$cookie_secure adds the secure property to the session Set-Cookie
command, so that the browser wouldnt send it to the server over an unencrypted
link. However the server would still send the cookie to the browser
unencrypted. Also Sessions would stop working properly in HTTP,
but SilverStripe needs them for several things, such as form validation

This patch effectively causes HTTP and HTTPS requests to each have
their own session when cookie_secure is true. The two sessions are
independant from each other, so information set in the session via
HTTPS is safe from attacks on the session via HTTP, but parts
of the site that use HTTP and the session will still work
2013-07-07 09:12:10 +12:00
Hamish Friedlander
2886f6ee14 FIX Session was started every time, even if no data set
Session tracks the user agent in the session, to add some detection of
stolen session IDs. However this was causing a session to always be
created, even if this request didnt store any data in the session.
2013-07-07 09:12:10 +12:00
Hamish Friedlander
c6b4d993cc FIX Director::forceSSL and forceWWW not setting Vary header
If you have a Varnish box in front of a SilverStripe install, and
you call forceSSL, the Vary header wouldnt get sent. As a result
Varnish would respond with the same redirect reponse after the
redirect, leading to an infinite loop
2013-07-06 15:24:01 +12:00
Simon Welsh
fbce9fd7cd Merge branch '3.1'
Conflicts:
	.travis.yml
	docs/en/misc/contributing/code.md
	javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Damian Mooyman
11f4b2c620 API HTTP::urlRewriter with (string)$code deprecated in 3.1. Fixed regressions and CSS urls.
urlRewriter will expect a callable as a second parameter,
but will work with the current api and simply raise a deprecation error.

HTTP::absoluteURLs now correctly rewrites urls into absolute urls. Resolves introduced in c56a80d6ce

HTTP::absoluteURLs now handles additional cases where urls were not translated.

Test cases for HTTP::absoluteURLs added for both css and attribute links.

Cleaned up replacement expression and improved documentation.
2013-07-05 09:08:58 +12:00
Simon Welsh
9deb11f9a0 Use preg_replace_callback over preg_replace with e modifier 2013-07-05 09:08:58 +12:00
Sean Harvey
7349682d44 Merge pull request #2145 from tractorcow/3.1-controller-redirect
Controller::redirect now returns the resulting SS_HTTPResponse
2013-06-24 14:16:18 -07:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Damian Mooyman
7340da03a7 Controller::redirect now returns the resulting SS_HTTPResponse, allowing the function to better support chaining 2013-06-24 13:39:05 +12:00
Mateusz Uzdowski
53a2dbd207 Add a note on the unit of the Session.timeout. 2013-06-21 10:56:00 +12:00
Kirk Mayo
dff5447cbc BUG: Fix for Cookie expiry timeout being passed as a large number on 64 bit machines 2013-06-20 12:30:48 +12:00
Ingo Schommer
94b4237372 Merge remote-tracking branch 'origin/3.1' 2013-06-19 11:17:33 +02:00
Sam Minnee
526b40414a FIX: Ensure that actions inferred from templates with the "_action" suffix also respect allowed_actions.
FIX: Ensure SSViewer::hasTemplate() is aware of themes.

To do this, RequestHandler::definingClassForAction() has been created, splitting out the code that looks up the class that defines a given action into its own method.  This is then overridden in Controller to look at templates.
2013-06-19 20:11:50 +12:00
Ingo Schommer
4ef83a2895 Using Cookie class in Session::destroy()
It allows us to suppress "headers sent" errors, which is particularly
important in phpunit test runs.
2013-06-18 23:06:22 +02:00
Sam Minnee
a6bd8f8f43 Ensure Cookie::get() will immediately return results.
Without this change, a call to Cookie::get() immediately after Cookie::set()
won't return the value provided.  This creates some unintuitive edge-cases,
although to date it looks like they have been worked around.

The patch doesn't have a test because our testing framework doesn't deal
with cookies well.
2013-06-07 11:27:15 +12:00
Ingo Schommer
88536998b9 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
2013-05-31 18:08:59 +02:00
Sam Minnee
f2c918dc45 FIX: Make session timeout inactive-time only.
By default, the Session.timeout configuration option specifies the total
session time, regardless of the amount of activity.  This change means
that the timeout specifies how long without any further dynamic requests
before the session cookie expires.

The way it does this is to re-set the session cookie expiry with a
subsequent Set-Cookie command each time a request that necessitates
a session is called.

Strictly speaking, it's a change in session timeout semantics, but I think
it's a good one, because total-session-time-regardless-of-activity is a
stupid timeout to include, and has more to do with the mechanics of the
internet than with application security requirements.
2013-05-31 16:26:04 +12:00
Stephen Shkardoon
d6c2c2e07f Fixes #1892 - Stop session hijacking with UA check 2013-05-25 19:29:08 +12:00
Sam Minnée
83be513f91 Merge pull request #1816 from silverstripe-rebelalliance/bug/emptyrules
FIX Allow Director::$rules like //$Action
2013-05-24 20:38:43 -07:00
Sam Minnee
d97ca43cd0 Merge branch '3.1'
Conflicts:
	README.md
	dev/install/install.php5
	forms/ConfirmedPasswordField.php
	tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Mateusz Uzdowski
2f7fd967b2 BUG Clean up the logOut and session destructon routines. 2013-05-23 13:27:41 +12:00
Will Rossiter
ddcfcf7bed Update @package, @subpackage labels
Cleanup of framework's use of @package and @subpackage labels and additional of labels for classes missing packages.

Moved all GridField related components to the one name.

Countless spelling fixes, grammar for other comments.

Link ClassName references in file headers.
2013-05-21 22:24:41 +12:00
Jeremy Shipman
b1ba8bd05b FIX: Updated protocol check to become more stringent. 2013-05-20 12:46:44 +12:00
Jeremy Shipman
d21fd1f0bb FIX: Don't rewrite urls to be absolute, if they are a URI with a protocol.
This is determined in this fix by the existence of a colon ':', to show the uri has a protocol.
2013-05-20 11:59:04 +12:00
g4b0
6d7b938b7a Bugfix: Added private static $defaultFormat in order to choose default via config. Permit WCAG validation of XHTML. 2013-05-13 11:34:35 +02:00
Will Rossiter
1325d736a0 API: Add Director::is_https() 2013-05-10 22:31:38 +12:00
Will Rossiter
07b9bd8527 PHPDoc + coding conventions 2013-05-10 21:59:20 +12:00
Fred Condo
f5c6285240 Anchor regex in Director#is_absolute_url()
- Anchor the regex to the beginning of the string
- Change the regex delimiter to reduce the amount of \ clutter
2013-05-03 16:07:25 -07:00
Ingo Schommer
6c2e791a48 Merge remote-tracking branch 'origin/3.1' 2013-04-29 08:59:06 +02:00
Hamish Friedlander
0ae3050e9e FIX Allow Director::$rules like //$Action
In 3.0, doing $Action => SomeController would redirect all action requests
to that default controller. In 3.1, you need to do //$Action => SomeController
but it didnt work - those initial slashes broke matching
2013-04-29 16:13:37 +12:00
Damian Mooyman
b6fc1d314e BUG HTTP will now correctly pass over mailto: links when converting relative links to absolute (e.g. in Emails) 2013-04-18 14:25:51 +12:00
Ingo Schommer
0343a77d30 Merge remote-tracking branch 'origin/3.1' 2013-04-11 11:42:04 +02:00
Loz Calver
58de19e01f Fix: RequestHandler not managing 404/403 errors correctly (fixes #1696) 2013-04-09 15:43:50 +01:00
Ingo Schommer
7121fc3f85 FIX Config isolation in Director::test() 2013-04-07 23:59:10 +02:00
Andrew Short
1fc780ce2b API: Return a 404 error when no director rule is matched 2013-04-06 18:19:03 +11:00
Ingo Schommer
2266638475 Note on usage of HTTP::send_files() for large files (see trac/5125) 2013-04-05 14:03:13 +02:00
Sean Harvey
6eda25a090 NEW Allow specifying the secure domain to Director::forceSSL() 2013-04-03 17:47:36 +13:00
Ingo Schommer
07d99a5136 FIX Fallback for Session.cookie_path
Regression introduced by Config API static changes.
Effectively meant that you can no longer log in to the CMS
since the cookie path is set for each URL individually...
2013-03-25 23:03:34 +01:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
183396a8ab Disable RequestHandler->handleAction() deprecation until we have fixed LeftAndMain usage 2013-03-24 17:20:36 +01:00
Ingo Schommer
0a13d29e4a Merge pull request #1214 from silverstripe-rebelalliance/feature/request_handling
FIX handleAction methods should be protected now
2013-03-20 13:52:45 +01:00
Hamish Friedlander
743a186c32 API Make SSViewer#process return HTMLText not string
This means that you dont have to worry about casting it
as HTMLText again when using the result in a template or other context

However in some situations code might be assuming it can
check with is_string, in which case you now need to use instanceof HTMLText
2013-03-14 12:49:03 +13:00
g4b0
d32cd5be16 Added some more XHTML replacement and relative unit test. Content_type comfigurable. 2013-03-12 16:06:59 +01:00
Ingo Schommer
2419d1aa46 XHTML formatting <hr> (fixes #8297) 2013-03-08 10:42:32 +01:00
Ingo Schommer
b8e5ebb9e3 Merge pull request #1242 from dhensby/request-patch
API Adding setURL to HTTPRequest object
2013-03-07 11:18:04 -08:00
g4b0
13b7386a2f BUGFIX: Removed XHTML XML declaration requirement 2013-03-07 11:35:24 +01:00
Daniel Hensby
9258485aeb API Adding setURL to HTTPRequest object
The current RootURLController needs to be able to change the url of a
request, so I've added it.
2013-02-28 08:50:53 +00:00
Ingo Schommer
39789529d7 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	tests/control/HTTPResponseTest.php
	tests/travis/before_script
2013-02-27 10:27:22 +01:00
Ingo Schommer
e6fffb9ef9 API Remove content-length setting in HTTPResponse
It's not reliable. Started in c69381c33, but only partially reverted.
2013-02-27 10:07:54 +01:00
Ingo Schommer
bea1b9002d Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/HTTP.php
2013-02-26 13:28:35 +01:00
Sam Minnee
b2dfa77056 FIX: Ensure that Director::test() doesn't return a string 2013-02-25 16:27:44 +13:00
Hamish Friedlander
a193666df1 FIX handleAction methods should be protected now 2013-02-20 11:47:29 +13:00
Ingo Schommer
0c6ac1960e Fixed whitespace usage 2013-02-18 15:43:52 +01:00
Ingo Schommer
92458d9f43 Fixed line lengths 2013-02-18 14:41:49 +01:00
Ingo Schommer
a86e4ee00c Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	tests/injector/InjectorTest.php
	tests/travis/before_script
2013-02-18 14:15:42 +01:00
Hamish Friedlander
9ecea763c3 Merge pull request #1186 from nyeholt/injector_configged_create
FIX issue with Injector::create not passing args
2013-02-17 18:38:24 -08:00
Hamish Friedlander
4b54383d68 API change request handling to be more orthogonal
RequestHandler#handleAction now exists. It takes the request, and
the action to call on itself. All calls from handleRequest to call an action
will go through this method

Controller#handleAction has had it's signature changed to
match new RequestHandler#handleAction

RequestHandler#findAction has been added, which extracts the
"match URL to rules to find action" portion of RequestHandler#handleRequest
into a separate, overrideable function

GridField#handleAction has beeen renamed to handleAlterAction and
CMSBatchActionHandler#handleAction has been renamed to handleBatchAction to
avoid name clash with new RequestHandler#handleAction

Reason for change: The exact behaviour of request handling depended heavily
on whether you inherited from RequestHandler or Controller, and whether the
rule extracted it's action directly (like "foo/$ID" => 'foo') or dynamically
(like "$Action/$ID" => "handleAction"). This cleans up behaviour so
all calls follow the same path through handleRequest and handleAction, and
the additional behaviour that Controller adds is clear.
2013-02-18 14:56:04 +13:00
Hamish Friedlander
5fd55a50f2 API Tighten up allowed_actions
allowed_actions is now only allowed to reference public methods defined
on the same Controller as the allowed_actions static, and
the wildcard "*" has been deprecated
2013-02-18 14:53:33 +13:00
Hamish Friedlander
7efae6b95f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
Ingo Schommer
f06ba70fc9 BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:30:36 +01:00
Marcus Nyeholt
428cbe4b03 FIX issue with Injector::create not passing args
If creating an object using Injector::create() and constructor arguments
are passed through, in some cases where the object being created had a yml
configuration set for it, the passed in constructor arguments weren't being
passed through to the instantiation of the object.
2013-02-15 10:24:47 +11:00
ajshort
ff19f3b11a BUG: Fixed the injection of named services. 2013-02-13 23:06:15 +11:00
Sean Harvey
02d58b1015 Merge pull request #1177 from mateusz/session-set-form-message
BUG Adjust Session::setFormMessage to fit with underlying API.
2013-02-11 15:14:12 -08:00
Mateusz Uzdowski
d52d5f71c5 BUG Adjust Session::setFormMessage to fit with underlying API. 2013-02-12 11:00:36 +13:00
Ingo Schommer
14a56c18e9 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/Director.php
2013-02-07 21:45:16 +01:00
Ingo Schommer
d77e06d585 Merge pull request #1123 from chillu/pulls/revert-content-length
API Remove Content-Length setting from HTTPResponse (fixes #8010)
2013-01-31 10:19:17 -08:00
Ingo Schommer
634c91c6ff Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	email/Mailer.php
2013-01-30 12:46:24 +01:00
Sam Minnee
f54697930e API CHANGE: Add a PermissionFailureException that can be thrown to trigger a log-in. 2013-01-29 18:10:42 +01:00
Sam Minnee
b6fd27663a MINOR: Don't throw redirection warning if redirection to the same place. 2013-01-29 18:03:49 +01:00
Sam Minnee
82988d421b BUGFIX: Better error message when 401 response is corrupted. 2013-01-29 18:03:48 +01:00
Sam Minnee
f8206d15c8 BUGFIX: Prevent notice-level error in Session code when non-array is turned into an array. 2013-01-29 18:03:48 +01:00
Sam Minnee
f72c77e984 MINOR: Fixed a glitch that causes warnings in cli-script execution. 2013-01-29 18:03:48 +01:00
Damian Mooyman
1ca15d0399 API HTTP::urlRewriter with (string)$code deprecated in 3.1. Fixed regressions and CSS urls.
urlRewriter will expect a callable as a second parameter,
but will work with the current api and simply raise a deprecation error.

HTTP::absoluteURLs now correctly rewrites urls into absolute urls. Resolves introduced in c56a80d6ce

HTTP::absoluteURLs now handles additional cases where urls were not translated.

Test cases for HTTP::absoluteURLs added for both css and attribute links.

Cleaned up replacement expression and improved documentation.
2013-01-24 09:49:44 +01:00
Simon Welsh
3439e30ac1 Corrects indentation and line length 2013-01-24 19:56:02 +13:00
Ingo Schommer
c69381c33e API Remove Content-Length setting from HTTPResponse (fixes #8010)
This reverts commit 356a367eb5.
We can't use headers_sent() to determine an accurate
content length, since PHP defaults to buffering a couple of bytes
even without ob_start() (see "output_buffering" setting).
This makes the patch harmful, since it breaks any responses relying
on more structure data, like removing closing brackets from JSON.
Which in turn breaks the CMS in horrible ways (see #8010).
See #7574 for context.
2013-01-23 15:05:33 +01:00
Ingo Schommer
c11b3918fc Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/css/screen.css
	admin/scss/_style.scss
	core/PaginatedList.php
	email/Mailer.php
2013-01-21 11:14:57 +01:00
Hamish Friedlander
f41a7d8b65 FIX: Fix issue with not being able to log out on Chrome when caching enabled because of Chrome bug 2013-01-08 17:47:05 +13:00
Hamish Friedlander
2916f2043c NEW: Improve HTTP caching logic to automatically disable caching for requests that use the session.
This improvement makes it easier to set a side-wide default cache time without needing to worry about CSRF-protected forms, etc.
2013-01-08 17:47:05 +13:00
Sam Minnee
b114aa2488 BUGFIX: Added X-Forwarded-Protocol and User-Agent to Vary header. 2013-01-08 17:47:05 +13:00
Simon Welsh
c56a80d6ce Use preg_replace_callback over preg_replace with e modifier 2012-12-20 13:40:42 +13:00
Ingo Schommer
f03ad7b0dd Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/javascript/LeftAndMain.AddForm.js
	control/Director.php
	control/HTTPResponse.php
	dev/Profiler.php
	email/Mailer.php
	forms/ComplexTableField.php
	forms/ManyManyComplexTableField.php
	forms/SimpleImageField.php
	forms/TableField.php
	forms/TableListField.php
	javascript/ComplexTableField.js
	javascript/ImageFormAction.js
	javascript/TableField.js
	javascript/TableListField.js
	security/Member.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
	tests/forms/TableListFieldTest.php
2012-12-12 10:11:56 +01:00
Ingo Schommer
8fdea7a2ab Merge pull request #1019 from nyeholt/injector_convert_service_params
BUG Fixed issue with convertServiceProperty
2012-12-12 01:07:47 -08:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Marcus Nyeholt
4f63f91cc8 BUG Fixed issue with convertServiceProperty
Fixed issue where convertServiceProperty is called when creating objects
with user-supplied constructor arguments, so that it's only called when
creating objects using injector configuration. This reduces the overhead
of unnecessary calls to convertServiceProperty.

Updated test cases to validate behaviour
2012-12-12 15:22:23 +11:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Sean Harvey
d13b067b54 Remove deprecated HTTP::getMimeType() use get_mime_type() instead 2012-11-16 14:33:20 +13:00
Sean Harvey
6a868e79e1 Removing deprecated prototype/behaviour libraries 2012-11-16 11:37:56 +13:00
Sean Harvey
63983ad777 Remove deprecated RequestHandler::isAjax(), use SS_HTTPRequest->isAjax() instead 2012-11-15 14:43:13 +13:00
Sean Harvey
491057fa95 Remove deprecated Director dev/test server functions
Use SS_ENVIRONMENT_TYPE in your _ss_environment.php file, or
Director::set_environment_type()
2012-11-15 14:43:13 +13:00
Sean Harvey
66d8ff95de Remove deprecated Director static functions
Director::redirect() -> Controller->redirect()
Director::redirect_to() -> Controller->redirectedTo()
Director::set_status_code() -> Controller->getResponse()->setStatusCode()
Director::get_status_code() -> Controller->getResponse()->getStatusCode()
Director::redirectBack() -> Controller->redirectBack()
2012-11-15 14:43:13 +13:00
Sean Harvey
de0ade9636 Remove deprecated Director::urlParam() and Director::urlParams()
Use the methods param() and params() on SS_HTTPRequest instead.
2012-11-15 14:43:12 +13:00
Ingo Schommer
fb5e488103 Line length fixes 2012-10-03 18:11:31 +02:00
Ingo Schommer
56f7ce1dcf Merge remote-tracking branch 'origin/3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	control/HTTPResponse.php
	model/Database.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	view/Requirements.php
	view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
356a367eb5 BUG Setting response length directly before output (fixes #7574)
Complying to HTTP1.1/RFC2616 in terms of when to
set 'Content-Length' in the first place
2012-09-29 17:24:33 +02:00
Sam Minnee
39952f4a5c API: Added 'onBeforeHTTPError' and 'onBeforeHTTPError<code>' extension points to RequestHandler::httpError().
These APIs are primarily intended to let developers write custom 404 handlers.  They can define an onBeforeHTTPError404() method on an Extension that gets added to Controller or RequestHandler.

The SS_HTTPResponse_Exception object has also been tidied up to override the status info of any SS_HTTPResponse object that might get passed.  This is mainly to make it easier for callers (such as ContentController and ModelAsController) to use RequestHandler::httpError() more consistently.
2012-09-27 12:26:25 +12:00
Zauberfisch
7f1b6cfe26 MINOR: HTTPRequest and HTTPResponse now return $this on all setters
MINOR: also added some docs
2012-09-21 22:20:12 +00:00
Simon Welsh
1e629f4585 Merge branch '3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	dev/Profiler.php
	view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Ingo Schommer
1088d044c5 Merge remote-tracking branch 'origin/3.0'
Conflicts:
	.travis.yml
2012-09-07 17:21:41 +02:00
Damian Mooyman
c2a8eec43c APICHANGE: Changed behaviour of HTTP_Request::params to include route table params (as per 2.4 behaviour, see FIX: below).
ADDED: HTTP_Request::params() to retrieve all (shifted) params used in the request
FIXED: Issue where route-table level arguments would not be accessible without using non-deprecated API.
ADDED: Test case to test the above items
UPDATED: Extended Director::test to allow for the retrieval of the request object
UPDATED: Deprecated notice on Director::urlParam and Director::urlParams
REMOVED: Unused variable
FIXED: Coding convention conformity
2012-08-27 10:56:59 +12:00
Simon Welsh
f1db583fb4 NEW Allow arguments to be passed to allowed_action checkers
This allows arguments to be passed along in an $allowed_actions deceleration of
the form 'action' => '->method' in the same way that arguments can be passed to
extension constructors when adding them using $extensions or
Object::add_extension.

I.e. 'action' => '->checkerMethod(false, 7, 2, "yesterday") would call the
checkerMethod method with the boolean false the numbers 7 and 2 and  the string
"yesterday" as its arguments.
2012-08-23 17:05:12 +12:00
Ingo Schommer
5a2247a440 Merge pull request #589 from simonwelsh/absolute_url
FIX Director::is_absolute_url() now ignores query string
2012-08-16 11:50:29 -07:00
Hamish Friedlander
95d0be636c Merge remote-tracking branch 'origin/3.0' 2012-07-25 11:44:53 +12:00
Hamish Friedlander
35cc65820c BUG Make RequestProcessor->filters settable as a property too
filters was a DI property that could only be set via constructor. This meant that modules couldnt add a
filter without interfering with other modules. With this change you can now add a config block like:

Injector:
  RequestProcessor:
    properties:
      filters:
        - "%$MyFilter"

Which will add a filter to RequestProcessors list of filters
2012-07-19 13:58:58 +12:00
Ingo Schommer
3ae8b0b665 Merge remote-tracking branch 'origin/3.0' 2012-07-18 15:00:06 +02:00
Ingo Schommer
712f28bc78 Scoped deprecation messages (fixes #7645) 2012-07-13 11:37:35 +02:00
Will Rossiter
c91e855f35 FIX: resolve errors with commits from (#572) 2012-07-10 20:06:05 +12:00
Will Rossiter
2ac297771a Merge pull request #595 from fatlewis/master
ENHANCEMENT: Improving Cookie class to allow for extendability
2012-07-09 14:57:31 -07:00
Ingo Schommer
e00c87541e Merge pull request #618 from chillu/pull/deprecate-profiler
API Deprecated Profiler class, removed related debug GET params
2012-07-05 13:43:37 -07:00
Ingo Schommer
0fe515e182 API Deprecated Profiler class, removed related debug GET params
Use third party tools like XHProf instead.
Removed defunct or unnecessary debug GET parameters:
debug_profile, debug_memory, profile_trace, debug_javascript, debug_behaviour
2012-07-05 12:02:06 +02:00
Tim Klein
a67b964267 FIX: improve Director::makeRelative() to ignore SSL changes.
See http://open.silverstripe.org/ticket/6672. Expanded on initial patch with test coverage. Fixes another one of the commented out cases in the test by picking up URL's which do not include a protocol.
2012-07-01 22:08:09 +12:00
Simon Welsh
e0505406a7 FIX Director::is_absolute_url() now ignores query and fragment strings
Director::is_absolute_url() checks for //. It used to include the
entire URI, now it ignores the query and fragment strings.
2012-06-30 23:48:43 +12:00
Matt Lewis
85a1e1a0bb MINOR: Altering Visibility
Altering visibility to protected on instance methods for the cookie
class
2012-06-29 17:42:14 +01:00
Matt Lewis
ebb2458f22 ENHANCEMENT: Improving Cookie class to allow for extendability
Previous to this the Cookie class has been very inflexible (cookies are
all set using the static Cookie::set() and so the functionality is not
extendable). Cookie class has been adjusted so extension is now a
possibility for those wishing to alter its functionality. Improves
compliance to the law of demeter.
2012-06-29 17:32:47 +01:00
Will Rossiter
16cb504d8e API: add $includeGetVars flag for SS_HTTPRequest() to return the URL with the attached GET parameters. 2012-06-29 22:02:30 +12:00
Ingo Schommer
6af3b076be MINOR Fixed phpdocs 2012-06-20 23:59:57 +02:00
Will Rossiter
e57dd604aa MINOR: remove dependency on RootURLController and show a default Controller template as a failback. 2012-06-20 16:17:26 +02:00
Ingo Schommer
417c03716c BUGFIX Avoid Session::set() clearing on existing val (fixes #7487) 2012-06-17 23:46:52 +02:00
Sam Minnée
dda9683758 Merge pull request #530 from nyeholt/injector_updates
A resubmission of a previous pull request. Contains a couple of bugfixes (including ticket #7448) and minor usage enhancements
2012-06-14 16:42:30 -07:00
carlos barberis
856991d644 BUGFIX: Ticket #6069 Checking of URLSegment can end in an infinite loop (when saving Page in CMS) 2012-06-15 11:27:58 +12:00
Marcus Nyeholt
77099ddf9d BUGFIX Moved initialisation of injector to the start of Core.php to make sure that it is initialised correctly before additional code blocks reference it (in particular some of the code introduced by Sam that is triggered during add_extension). 2012-06-14 20:28:20 +10:00
Marcus Nyeholt
56388ef1d8 BUGFIX Make sure to only construct args for prototype object creation if
there are actually args passed through to prevent overwriting with null
args if they're passed

MINOR Added __get alias to remove need for explicit ->get() call

MINOR Added the injector instance as an object that can be injected into other classes

BUGFIX Fixed issue described in http://open.silverstripe.org/ticket/7448 whereby using the injector to create an object of a type already registered as a singleton would actually overwrite the stored singleton object
2012-06-14 18:22:02 +10:00
Ingo Schommer
8ecdd0b082 Merge branch 'pjax-set-fragments' of https://github.com/mateusz/sapphire into mateusz-pjax-set-fragments 2012-06-13 10:31:09 +02:00
Mateusz Uzdowski
377ac50773 ENHNANCEMENT: allow overriding of PJAX fragments included in the response. 2012-06-13 12:57:11 +12:00
Ingo Schommer
b1d95cffac BUGFIX Passing existing SS_HTTPResponse to PjaxResponseNegotiator in LeftAndMain so state like X-Status HTTP headers are retained (fixes #7427) 2012-06-13 00:27:03 +02:00
Ingo Schommer
12f2e1e176 Merge branch 'pjax-multiple' 2012-06-05 14:01:18 +02:00
Ingo Schommer
cb8b11812c API CHANGE Moved RestfulServer into its own module at https://github.com/silverstripe/silverstripe-restfulserver (fixes #7282) 2012-06-04 10:21:29 +02:00
Ingo Schommer
0b7af1ac17 MINOR Fixed PHPDoc on Cookie class (fixes #7404) 2012-05-30 16:43:16 +02:00
Ingo Schommer
1102bbdf17 MINOR Removed ability in PjaxResponseNegotiator to send non-JSON responses for single fragments, as we're now relying on the server communicating which segment needs replacement (through the JSON key) 2012-05-30 15:07:14 +02:00
Ingo Schommer
b3d99d5418 MINOR Retaining case in PjaxResponseNegotiator, in order to pass back to client correctly 2012-05-30 15:07:14 +02:00
Ingo Schommer
473eda43cb ENHANCEMENT Allowing multiple fragments to be returned by PjaxResponseNegotiator through JSON 2012-05-30 15:07:13 +02:00
Sam Minnée
c5616f8724 Merge pull request #487 from nyeholt/injector_bugfixes
Change singleton and strong_create to use dependency injector, with additional fixes to existing classes to behave correctly
2012-05-23 18:46:48 -07:00
Marcus Nyeholt
82495f5a7e BUGFIX Versioned's constructor doesn't provide suitable defaults. Previously a bug/feature in singleton, where it would pass null,true as params to strong_create, which would then get passed through as params to Versioned's constructor, meant that the code still executed fine (as was set to something that wasn't an array, so the null and true were instead taken as args). The fact that the usage of singleton(Versioned) never really used the classes code, purely for value lookup, meant that this never propagated errors. I've now switched singleton() to use the injector for retrieving values, which means these dud values are no longer passed through
CHANGE Given that Config::inst is an implementation of the singleton pattern itself, I've removed the extra call to singleton(). A side effect of this is that it gets around a possibly nasty circular reference with the dependency injector (which relies on the config object); in future, this dependency structure should really be structured from the DI directly.

MINOR Change singleton and strong_create to use dependency injector

BUGFIX: Provide default constructor values for classes (fixes issues when used in 'singleton' scenario during dev/build in particular)

MINOR Clear out injector state when resetting db schema during tests (a follow on from changing singleton() calls to use the injector underneath)
2012-05-23 21:10:04 +10:00
Sean Harvey
f7f67d90a5 API CHANGE Static functions Director::redirect(), Director::redirectBack(),
Director::set_status_code(), Director::get_status_code() and
Director::redirected_to() are now deprecated. Use Controller->redirect(),
Controller->redirectBack(), Controller->getResponse()->setStatusCode(),
Controller->getResponse()->getStatusCode() and
Controller->redirectedTo() respectively.
2012-05-23 21:48:06 +12:00
Sam Minnée
f348141cfd Merge pull request #466 from silverstripe-scienceninjas/feature/config-enhancements
Feature/config enhancements
2012-05-20 19:03:43 -07:00
Ingo Schommer
fedb337aa5 BUGFIX Less strict checks for relative URL normalization in SS_HTTPRequest (regression from recent security fixes to Director::is_absolute_url()) (fixes #7359) 2012-05-20 11:16:34 +02:00
Sean Harvey
e5e8f489a2 Merge branch (pull request #247) 'template-global-fixes' of https://github.com/sminnee/sapphire into sminnee-template-global-fixes 2012-05-19 15:39:59 +12:00
Hamish Friedlander
94f50f554e API CHANGE: Changes to make Director rules set through the new config system. Includes the addition of a new AdminRootController to take over handling of routing /admin/* routes to the correct LeftAndMain panel. 2012-05-19 14:37:32 +12:00
Marcus Nyeholt
b269badfbe FEATURE: Added dependency injector for managing creation of new objects and their dependencies.
API CHANGE: Pass Object::create() calls to Injector::create().
API CHANGE: Add "RequestProcessor" injection point in Director, that Director will call preRequest() and postRequest() on.
2012-05-18 12:39:57 +12:00
Sean Harvey
78423c1bd0 BUGFIX Ensure HTTP::get_mime_type() checks the full path in
file_exists() before using the finfo class
2012-05-18 09:22:02 +12:00
Sean Harvey
c9bcfd49ec BUGFIX Only use finfo if the file exists, otherwise the MIME type
detection won't work, such as in the case of HTTPRequest::send_file()
2012-05-17 14:54:30 +12:00
Stig Lindqvist
7d9cf5b365 MINOR Use File::get_file_extension for fallback mime-type detection 2012-05-15 10:03:00 +12:00
Stig Lindqvist
c9bc485f34 MINOR Failover to configuration if the finfo module doesn't exists when getting file mime-type. 2012-05-14 10:04:35 +12:00
Simon Welsh
3f3e34a109 BUGFIX: Director::protocol() was returning https when $_SERVER['HTTPS'] was an empty value. 2012-05-13 20:44:16 +12:00
Ingo Schommer
a0c0154dac Merge pull request #429 from halkyon/http_changes
API CHANGE Removed old HTTP::sendRequest() and HTTP::sendPostRequest()
2012-05-11 01:03:22 -07:00
Sean Harvey
1616bae730 MINOR Adding phpdoc to HTTP::get_mime_type() 2012-05-11 14:05:40 +12:00
Stig Lindqvist
dffae1a2e7 API CHANGE: Do not rely on a specific OS mime type detection, use PHP finfo
This also removes the $global_mimetypes that was generating weird errors when both HTTP and Mailer classes tried to modify and use it.

Support of finfo should be straightforward since PHP 5.3 includes that module that default
2012-05-11 11:34:07 +12:00
Sean Harvey
8a46e38613 API CHANGE Removed old HTTP::sendRequest() and HTTP::sendPostRequest()
functions which are sparsely used, and not maintained or tested. Use custom code instead.
2012-05-11 11:04:51 +12:00
Ingo Schommer
59d31c2fc2 MINOR Removed mbstring support checks, its an installation requirement 2012-05-08 15:32:15 +02:00
Ingo Schommer
d5b3dbc6fb SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Ingo Schommer
68051fdb96 Merge pull request #371 from halkyon/sapphire
---

Dont start the session until its actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
0882741f54 API CHANGE Renamed setModel for DataModel instances to setDataModel for
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Sean Harvey
f63d137d49 ENHANCEMENT Session::start() now only called when there is changed
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Sean Harvey
bd6ca59558 ENHANCEMENT Adding list-style in addition to list-style-image for URL rewrites 2012-04-27 11:20:05 +12:00
Fred Condo
4756b97daa BUGFIX: absoluteURLs() rewrites URLs in list-style-image elements
This applies the patch from and resolves #6798
2012-04-26 14:53:09 -07:00
Will Rossiter
8e8c1302a2 Merge pull request #360 from joaosantos81/master
MINOR: clear_all returns void (and not the result of inst_clearAll() invocation)
2012-04-22 01:49:53 -07:00
joaosantos81
611cd53be8 inst_clearAll() does not return anything so clear_all() method should not expect any return value from inst_clearAll invocation 2012-04-20 18:36:11 +02:00
Sean Harvey
4c6be2931b BUGFIX Removing use of deprecated Object static functions like
get_static(), set_static(), uninherited() etc. Replace with equivalent
Config system get(), update()
2012-04-18 23:10:57 +12:00
Sean Harvey
effc654009 MINOR Moved ModulePath to GenericTemplateGlobalProvider 2012-04-15 10:50:21 +12:00
Sean Harvey
8949dfa691 ENHANCEMENT Replaced locations of sapphire with $ModulePath(framework) in templates, based off Controller which implements TemplateGlobalProvider 2012-04-15 10:50:20 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814 MINOR Add newline to end of files without one 2012-04-15 10:50:19 +12:00
Andrew O'Neil
d368f3605b MINOR: Remove default paramenter from handleRequest() so it complies with the interface correctly. Fixes E_STRICT warning. 2012-04-11 17:20:49 +12:00
Sam Minnee
e01b0aa3d0 ENHANCEMENT PjaxResponseNegotiator for more structured partial ajax refreshes, applied in CMS and GridField. Also fixes issues with history.pushState() and pseudo-redirects on form submissions (e.g. from page/add to page/edit/show/<new-record-id>) 2012-04-05 23:00:22 +02:00
Ingo Schommer
a44b67bae2 API CHANGE Moved RequestHandler->isAjax() to SS_HTTPRequest->isAjax() 2012-04-05 23:00:22 +02:00
Sean Harvey
58e912d4d7 MINOR Removed check for PHP versions less than 5.2 in Cookie 2012-04-03 09:54:55 +12:00
Gareth Foster
21d52d3852 BUGFIX #7018 This stops an infinite loop when Depreciation::notice is called from set_dev_servers(). This doesn't stop people from setting $dev_servers directly (not that it is used in the core code anywhere). 2012-03-24 15:57:49 +13:00
Sam Minnee
a2c1858892 BUGFIX: Return a 404, not a 500, if an invalid action is asked for on a RequestHandler. 2012-03-19 13:10:48 +13:00
Sam Minnee
8bbfa970d7 API CHANGE: Remove Controller::Now(), as it was only ever a template global provider, and use the new TemplateGlobalProvider interface on SS_Datetime instead. 2012-03-16 15:05:28 +13:00
Sam Minnee
6c35588eda API CHANGE: Rename 'PastMember' to 'IsRepeatMember' in templates.
API CHANGE: Move Controller::PastMember() to Member::is_repeat_member() in code.
API CHANGE: Removed Controller::CurrentMember(), it was only ever intended as a template global provider.
2012-03-16 15:05:28 +13:00
Ingo Schommer
e6be56e3b4 API CHANGE Removed FormResponse class, use custom HTTP status codes to communicate state on text/html responses, or use text/json for more structured data responses 2012-03-09 23:27:39 +01:00
Ingo Schommer
27fd3e5633 API CHANGE Removed Session::load_config() (no longer supported) 2012-03-09 21:17:18 +01:00
Hamish Friedlander
5ff095e561 BUGFIX: RequestHandler needs some tricks to make sure it knows when allowed_actions hasnt been provided on a class when it has been provided on an extension, now that statics from extensions isnt a feature specific hack 2012-03-09 18:16:45 +13:00
Hamish Friedlander
4315e51358 BUGFIX: Fix deprecated and removed static accessor calls 2012-03-09 18:16:44 +13:00
Mark Stephens
627708e3a8 BUGFIX: add Director::isDev parameter so we can test if we know we're dev mode already without touching the database. Used in showqueries on MySQL, so that errors are avoided when showing queries on initial switch to dev move (#6856) 2012-03-09 14:20:22 +13:00
Ingo Schommer
f9323b398c BUGFIX Type-safe checks for Controller::join_links(), allowing arguments with a value of "0" 2012-03-08 22:20:37 +01:00
Hamish Friedlander
374ed19406 API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic 2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08 APICHANGE: Rename getExposedVariables to match coding conventions 2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717 API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData 2012-03-06 09:11:46 +13:00
Sam Minnee
adfdd068e2 Merge branch 'ereg-to-preg' of https://github.com/AngryPHPNerd/sapphire
Conflicts:
	model/fieldtypes/Date.php
2012-03-05 13:54:20 +13:00
Ingo Schommer
bcc73de85e Merge branch '106-add-edit-records-rc'
Conflicts:
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/_style.scss
	admin/templates/Includes/LeftAndMain_EditForm.ss
	css/GridField.css
	filesystem/Folder.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldDefaultColumns.php
	forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Julian Seidenberg
3936909980 ENHANCEMENT: working delete button 2012-02-27 23:52:48 +01:00
AngryPHPNerd
0e2cbb0b88 Replace ereg with preg_* 2012-02-27 22:14:02 +01:00
Sean Harvey
07f4cd4a78 BUGFIX Fixed undefined method suser_error() in Cookie::set() 2012-02-16 14:59:56 +13:00
Ingo Schommer
5ab007db21 MINOR Removed apache_request_headers() usage in Director::direct(), it causes inconsistencies in capitalisation over the default method (inspecting $_SERVER) 2012-02-14 13:53:35 +01:00
Fred Condo
d370423825 Clean up trailing ?> per coding standard
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Sam Minnee
2648411829 ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. 2012-02-03 09:49:37 +13:00
Sam Minnee
06605ffadc ENHANCEMENT: Provide a default Controller::Link() method, meaning that Controller objects can be constructed to help with testing forms. 2012-01-10 16:39:12 +13:00
Sam Minnée
d9fcbf9167 Merge pull request #115 from joaosantos81/patch-1
Fix for bug when destroying a session with a domain cookie. See http://w...
2012-01-09 19:10:49 -08:00
simonwelsh
7179f04682 API CHANGE: Deprecate Director::set_dev_servers() and Director::set_test_servers() in favour of Director::set_environment_type() or an _ss_environment.php file. 2012-01-01 22:09:41 +13:00
Simon Welsh
dd546a9888 BUGFIX Merge request arrays recursively 2011-12-23 17:48:49 +13:00
Sam Minnee
8e58529f39 BUGFIX: Don't throw errors if older modules aren't aware of the DataModel argument. 2011-12-17 15:25:15 +13:00
Will Rossiter
075cb5d7b9 ENHANCEMENT: keep Cookie::forceExpiry() consistent with Cookie::set() for preventing cookies from not being deleted. Fixes #56 2011-12-17 14:21:09 +13:00
joaosantos81
77f5ea733b Fix for bug when destroying a session with a domain cookie. See http://www.silverstripe.org/general-questions/show/18539 for more details 2011-11-14 09:44:46 +00:00
Sam Minnee
e5afa25522 MINOR: Use Deprecation class to indicate deprecated methods in core. 2011-10-29 17:34:31 +13:00
Simon Welsh
58bbb3687a Change Controller::can() to allow an array of perms, as CMSMain can pass an array in (singleton($class)->stat('need_permission') can be an array). 2011-10-29 12:09:22 +13:00
Ingo Schommer
e66255cfb3 API CHANGE Using 'BackURL' GET parameter in Controller->redirectBack() instead of the unused '_REDIRECT_BACK_URL', which e.g. makes the Security/logout behaviour consistent with Security/login (fixes #6729, thanks rixnix) 2011-10-10 10:10:20 +02:00