Commit Graph

315 Commits

Author SHA1 Message Date
Damian Mooyman
cfe1d4f481
[ss-2017-007] Ensure xls formulae are safely sanitised on output
CSVParser now strips leading tabs on cells
2017-12-01 10:24:49 +13:00
Thomas Portelange
e729cd2c37
TinyMCE lang is fr_FR for all French languages
"fr" is not a valid tiny mce lang

https://www.tinymce.com/docs/configure/localization/

having "fr" as it is currently prevents loading the language file
2017-11-29 12:54:27 +01:00
Damian Mooyman
eae3d0cfaa
Merge remote-tracking branch 'origin/4.0' into 4 2017-11-16 10:16:44 +13:00
Chris Joe
bee3c404fa
Merge pull request #7545 from open-sausages/pulls/4.0/deprecated-each
BUG Remove usage of deprecated each() and use a helper method instead
2017-11-15 16:30:20 +13:00
Damian Mooyman
ba86a1dce9
Merge pull request #7595 from andrewandante/pulls/sanitise_select_tag_4
sanitise select tag in DropdownField Docblock
2017-11-15 14:17:55 +13:00
Daniel Hensby
cf321895ba
Merge branch '4.0' into 4 2017-11-14 13:24:15 +00:00
Andrew Aitken-Fincham
3274f29c00 sanitise more docblocks 2017-11-14 10:02:24 +00:00
Andrew Aitken-Fincham
25d8795c70 sanitise FormField docblock 2017-11-14 09:52:06 +00:00
Andrew Aitken-Fincham
6cfb0a3d86 sanitise ListboxField docblock 2017-11-14 09:47:39 +00:00
Andrew Aitken-Fincham
e5b3f82f8c sanitise select tag in DropdownField Docblock 2017-11-14 08:17:39 +00:00
Daniel Hensby
2f9fae32c1
DOCS Improve return tags for requiredfields class 2017-11-08 15:29:15 +00:00
Reece Alexander
642cbdafc8 API Allow an array as a param to makeFieldReadOnly() 2017-11-07 15:51:13 +13:00
Damian Mooyman
3298cf061b
Merge pull request #7543 from zanderwar/patch-1
Allow chain-ability on adding and removing fields
2017-11-03 11:15:51 +13:00
Chris Joe
cd55a039e7
Merge pull request #7520 from open-sausages/pulls/4.0/config-redirect-works
API / BUG - Introduce new request resolver middleware and fix broken forceWWW / forceSSL
2017-11-02 10:01:58 +13:00
Damian Mooyman
5bc4f3d1fc
BUG Remove usage of deprecated each() and use a helper method instead 2017-11-01 16:04:35 +13:00
zanderwar
91f1a58018 ENHANCEMENT: Allow chain-ability on adding and removing fields 2017-11-01 14:24:21 +13:00
Damian Mooyman
0c178f934d
ENHANCEMENT Adjust tinymce footer, remove branding and restore path
FIxes #294
2017-10-31 12:12:59 +13:00
Damian Mooyman
3c8848a090
Update code style and fix tests 2017-10-30 17:34:15 +13:00
Damian Mooyman
9d3277f3d3
BUG Fix forceWWW and forceSSL not working in _config.php
API Introduce CanonicalURLMiddleware
BUG Fix Director::makeRelative() failing on multi-domain sites
2017-10-30 14:42:36 +13:00
Christopher Joe
f6b7cf8889 Feature disable current user from removing their admin permission 2017-10-30 12:34:06 +13:00
Damian Mooyman
324bdad48c
ENHANCEMENT Ensure DBVarchar scaffolds text field with TextField with appropriate max length
Fixes #1413
2017-10-26 16:21:51 +13:00
Damian Mooyman
68c3279fd9
BUG Ensure readonly tree dropdown is safely encoded
Removed legacy entwine dead code
Added soft-deprecation to label field
2017-10-26 13:04:30 +13:00
Robbie Averill
da4989e8f6 FIX Do not escape the readonly values since they get escaped when rendered 2017-10-25 17:36:54 +13:00
Dylan Wagstaff
7c354525fb Remove dead code from GridFieldDetailForm
There is no action for 'autocomplete', there is no method 'handleAutocomplete', and out of the box there is no extension that applies it.
Manually testing the URL that would take us through such a handler does not give an exception about missing details from the URI (such as a required query string), but instead gives us an exception on there not being a handler for such.
`[Emergency] Uncaught BadMethodCallException: Object->__call(): the method 'handleAutocomplete' does not exist on 'SilverStripe\Forms\GridField\GridFieldDetailForm'`
@ e.g. `http://localhost/admin/pages/edit/EditForm/1/field/ElementalArea/autocomplete`.

Auto complete should be (and is) handled in it's own component code, such as https://github.com/silverstripe/silverstripe-framework/blob/4.0/src/Forms/GridField/GridFieldAddExistingAutocompleter.php#L210
2017-10-24 12:57:08 +13:00
Christopher Joe
4caf34506a Fix switch to using the Convert class for decoding 2017-10-20 14:43:19 +13:00
Christopher Joe
076d7d78c6 BUG cache the cacheKey in TreeDropdownField, so it doesn't need to query for it multiple times in the same request 2017-10-18 11:49:28 +13:00
Chris Joe
d876e36424 Merge pull request #7467 from open-sausages/pulls/4.0/adjust-field-onbeforerender
Adjust FormField::onBeforeRendor so that it can influence both context and passed properties
2017-10-12 12:11:32 +13:00
Damian Mooyman
eff5c28f24
Adjust FormField::onBeforeRendor so that it can influence both context and passed properties
Fixes #7466
2017-10-11 11:43:57 +13:00
Will Rossiter
dc9307bd99 Add updateBreadcrumbs hook to GridFieldDetailForm 2017-10-10 16:03:20 +13:00
Daniel Hensby
d8f49a1bda Merge pull request #7426 from silverstripe/filefield-accept-attr
NEW: Implement accept attribute in FileField (closes #7279)
2017-10-06 15:01:12 +01:00
Chris Joe
58cd83e4f7 Merge pull request #7434 from open-sausages/pulls/4.0/the-tree-needs-cutting
Fix refactor TreeMultiselectField to be clearable if nothing is selected
2017-10-06 15:16:10 +13:00
Chris Joe
90ce2abecb Merge pull request #7422 from open-sausages/pulls/4.0/flags-in-gridfield
Add gridfield versioned columns
2017-10-06 14:39:02 +13:00
Saophalkun Ponlu
1a324d9d77 Wrap content gridfield cell in another non-td element for styling 2017-10-06 11:47:38 +13:00
Christopher Joe
e07658ef50 Fix linting issues and fix doc 2017-10-05 15:28:58 +13:00
Saophalkun Ponlu
6424f4dea0 Changes based on peer review feedbacks 2017-10-05 15:04:46 +13:00
Christopher Joe
a1a8341929 Fix refactor TreeMultiselectField to be clearable if nothing is selected 2017-10-05 14:58:27 +13:00
Damian Mooyman
1b6d0144c5
BUG Fix resource mapping for TinyMCE
API add ModuleResource::getRelativeResource()
2017-10-04 17:44:04 +13:00
Saophalkun Ponlu
ae930833ad Add gridfield versioned columns 2017-10-04 17:33:15 +13:00
Loz Calver
43ec2f87ed NEW: Implement accept attribute in FileField (closes #7279) 2017-10-03 16:48:49 +01:00
Damian Mooyman
5ffe64f024
Fix tinymce plugins 2017-10-03 14:08:24 +13:00
Damian Mooyman
cdefd19091
Ensure HTMLEditor can load vendor css 2017-10-03 13:08:22 +13:00
Ingo Schommer
e1b98d154e Fix tinymce operation for resource paths
It was referencing secondary TinyMCE assets in the vendor/* folder
from its generated files (e.g. skin.min.css).
2017-10-03 09:03:37 +13:00
Damian Mooyman
3011650b5a
Remove superfluous datefield props
Fixes #7397
2017-09-29 10:25:22 +13:00
Christopher Joe
90d0361a6c Enhancement update set_themes to not update config 2017-09-28 16:47:13 +13:00
Christopher Joe
7e92b053f4 Enhancement Add setter and getter for certain classes, so that LeftAndMain no longer updates config during init 2017-09-28 16:47:13 +13:00
Chris Joe
c3f7165023 Merge pull request #7371 from open-sausages/pulls/4.0/fix-gridfield-print
BUG Fix gridfield print styles
2017-09-13 15:58:05 +12:00
Damian Mooyman
d05d22abc2 Merge pull request #7343 from creative-commoners/pulls/4.0/add-extra-class
NEW Allow GridFieldEditButton to have configurable HTML classes. Change edit icon.
2017-09-13 15:39:38 +12:00
Sacha Judd
c707fccf69 NEW Allow GridFieldEditButton to have configurable HTML classes. Change edit icon. 2017-09-13 13:11:17 +12:00
Damian Mooyman
f8ef97c167
BUG Fix import modal
Fixes https://github.com/silverstripe/silverstripe-admin/issues/251
2017-09-13 12:52:20 +12:00
Damian Mooyman
1892a02076
BUG Fix gridfield print styles 2017-09-13 11:48:42 +12:00
Bernard Hamlin
fa86f42ab9
BEM class names for filter-buttons 2017-09-12 10:16:03 +12:00
Chris Joe
1f5644d143 Merge pull request #7340 from open-sausages/pulls/4.0/toolbar-button-margin
Fix toolbar button margin and spacing
2017-09-05 16:07:32 +12:00
Saophalkun Ponlu
2f7f4e73d9 Fix toolbar button margin and spacing 2017-09-05 15:08:05 +12:00
Christopher Joe
afda58c515 Fix add schema to the "auto" parts request 2017-09-05 13:12:51 +12:00
Christopher Joe
120c772966 Add TreeDropdownField from React to Entwine 2017-09-04 12:15:41 +12:00
Saophalkun Ponlu
08fa3d6e3d
Enable TinyMCE list buttons 2017-09-04 09:30:07 +12:00
Robbie Averill
c4ff9df1b0 FIX Use correct bootstrap class or GridFieldDetailForm delete button 2017-08-24 14:34:06 +12:00
Damian Mooyman
d5b3280498 Merge pull request #7302 from robbieaverill/pulls/4.0/has-class-returns-bool
API Make FormField::hasClass return a boolean instead of an int
2017-08-24 13:19:30 +12:00
Robbie Averill
595ba75a50 API Make FormField::hasClass return a boolean instead of an int 2017-08-23 16:23:28 +12:00
Robbie Averill
8ebc13ae4e Replace use of Configurable stat() with config()->get(), will be deprecated in future 2017-08-23 09:42:10 +12:00
Damian Mooyman
9b4d689bb2 Lazy-load custom methods and extensions on CustomMethods and Extensible traits
No longer need constructExtensions()
2017-08-22 15:47:24 +12:00
Damian Mooyman
ce5e15df6e BUG Fix issue with multiple editors breaking plugins 2017-08-18 16:33:16 +12:00
Christopher Joe
9dc11eff43 Enhancement Add a path option for the schema data, so a full tree is not required for this data 2017-08-17 16:08:27 +12:00
Damian Mooyman
bbded44056 Upgrade bootstrap class names 2017-08-16 10:50:09 +12:00
Daniel Hensby
c0211927aa
Merge branch '3' into 4 2017-08-14 21:18:03 +01:00
Damian Mooyman
06efd2ac12
ENHANCEMENT Ensure flush destroys temp tinymce files 2017-08-03 13:21:48 +12:00
Robbie Averill
e307f067ed FIX Replace deprecated %s placeholders in translations with named placeholders
* Remove the use of sprintf and %s placeholders in the i18n tests
2017-08-02 13:03:55 +12:00
Damian Mooyman
ae97c15e42
ENHANCEMENT Soft-code CSS explicit height and compute against rows 2017-08-01 15:46:49 +12:00
Damian Mooyman
078a508d71 API Replace legacy tiny_mce_gzip compressor with asset generator
Fixes https://github.com/silverstripe/silverstripe-admin/issues/74
2017-08-01 13:43:30 +12:00
vagrant
f02949fc09 Initially set a default height for the html editor to 350px 2017-07-31 16:49:48 +12:00
Damian Mooyman
9bff74bd61
Clean up all fluent property accessors 2017-07-26 18:14:27 +12:00
Christopher Joe
78d4d0d5dd Enhancement add support for TreeMultiselectField in react 2017-07-26 18:14:08 +12:00
Daniel Hensby
884f53e0f2
Merge branch '3' into 4 2017-07-25 16:17:44 +01:00
Chris Joe
6a3c51e072 Merge pull request #7036 from fullscreeninteractive/wilr-patch-1
Fix ImportButton not opening the modal
2017-07-21 14:10:31 +12:00
Saophalkun Ponlu
c2841b6d64 Enhancement Remove "Remove link" button from the editor's main toolbar
Fix behat for selecting link should focus on field
2017-07-18 13:11:27 +12:00
Damian Mooyman
3a7f9e8eb5 Merge pull request #7167 from open-sausages/pulls/4.0/tree-search-in-forest
API TreeDropdown tree parameter
2017-07-14 16:23:30 +12:00
Robbie Averill
823e49526f NEW Allow SSViewer and SSViewer_FromString to be injectable 2017-07-13 20:48:58 +12:00
Christopher Joe
ccda816f90 API added flatList argument for generating the json tree list with a context string property 2017-07-13 17:04:35 +12:00
Aaron Carlino
2b266276c2 API Implement new module sorting pattern 2017-07-13 10:27:27 +12:00
John Milmine
f14e6bae2c fix numeric field for null values 2017-07-05 07:35:13 +12:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
Damian Mooyman
92903d883e Allow editor themes to fall back safely 2017-07-03 10:38:50 +12:00
Aaron Carlino
cddaaf1444 Update TinyMCEConfig to use theme CSS 2017-07-03 10:38:50 +12:00
Aaron Carlino
ad9d4e6820 Pulls/4.0/shortcode namespacing (#7085)
* New shortcode providers, update config, docs

* Use new ImageShortcodeProvider

* Move tests

* New shortcodes namespace

* Move file and image shortcode registrations from framework to assets
2017-06-29 18:45:17 +12:00
Sam Minnee
741166e369 API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation

API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation
2017-06-28 16:59:28 +12:00
Saophalkun Ponlu
288de2eb14 BUG Add flag on form whether to notify user when there's unsaved changes 2017-06-28 11:14:12 +12:00
Sam Minnee
10866c0809 API: Replace Director::direct() with Director::handleRequest().
There was no longer any code in direct() and so I opted to expose the
handleRequest() method instead.
2017-06-27 13:32:39 +12:00
Will Rossiter
ad54e7eb30 Fix ImportButton not opening the modal 2017-06-23 10:10:01 +12:00
Damian Mooyman
3873e4ba00 API Refactor bootstrap, request handling
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681

Squashed commit of the following:

commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date:   Thu Jun 22 22:25:50 2017 +1200

    Fixed upgrade guide spelling

commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 16:38:34 2017 +1200

    BUG Fix non-test class manifest including sapphiretest / functionaltest

commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:50:47 2017 +1200

    BUG Fix nesting bug in Kernel

commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:14:51 2017 +1200

    BUG fix db bootstrapping issues

commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 14:49:07 2017 +1200

    BUG Fix issue in DetailedErrorFormatter

commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:49:19 2017 +1200

    Upgrading notes on mysite/_config.php

commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:43:28 2017 +1200

    Update developer documentation

commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 10:48:44 2017 +1200

    Update installer to not use global databaseConfig

commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 21:04:39 2017 +1200

    Fix behat issues

commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 17:07:11 2017 +1200

    Move HTTPApplication to SilverStripe\Control namespace

commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 16:29:03 2017 +1200

    More documentation
    Fix up remaining tests
    Refactor temp DB into TempDatabase class so it’s available outside of unit tests.

commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 12:13:15 2017 +1200

    API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
    BUG Fix issue with SSViewer
    Fix Security / View tests

commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:39:43 2017 +1200

    API Refactor AppKernel into CoreKernel

commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:00:40 2017 +1200

    Docs and minor cleanup

commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 15:34:34 2017 +1200

    API Remove OutputMiddleware
    API Move environment / global / ini management into Environment class
    API Move getTempFolder into TempFolder class
    API Implement HTTPRequestBuilder / CLIRequestBuilder
    BUG Restore SS_ALLOWED_HOSTS check in original location
    API CoreKernel now requires $basePath to be passed in
    API Refactor installer.php to use application to bootstrap
    API move memstring conversion globals to Convert
    BUG Fix error in CoreKernel nesting not un-nesting itself properly.

commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 18:07:53 2017 +1200

    API Create HTTPMiddleware and standardise middleware for request handling

commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:42:42 2017 +1200

    Fixed ORM tests

commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:15:07 2017 +1200

    FIx i18n tests

commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 16:59:34 2017 +1200

    Fix controller namespace
    Move states to sub namespace

commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 12:49:45 2017 +1200

    Fix forms namespace

commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:56:48 2017 +1200

    Update API usages

commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:41:44 2017 +1200

    API Refactor $flush into HTPPApplication
    API Enforce health check in Controller::pushCurrent()
    API Better global backup / restore
    Updated Director::test() to use new API

commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 22:05:57 2017 +1200

    Move app nesting to a test state helper

commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 21:46:04 2017 +1200

    Restore kernel stack to fix multi-level nesting

commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 17:23:21 2017 +1200

    API Implement kernel nesting

commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:43:13 2017 +1200

    Fix core tests

commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:23:52 2017 +1200

    Fix manifest tests

commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:00:00 2017 +1200

    API Move extension management into test state

commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 14:10:59 2017 +1200

    API Refactor SapphireTest state management into SapphireTestState
    API Remove Injector::unregisterAllObjects()
    API Remove FakeController

commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 18:04:34 2017 +1200

    Implement basic CLI application object

commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 17:39:38 2017 +1200

    Remove references to SapphireTest::is_running_test()
    Upgrade various code

commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 7 18:07:33 2017 +1200

    API Implement APP object
    API Refactor of Session
2017-06-22 22:50:45 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
2017-06-16 12:22:05 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services
API Improve validation of authentication process
2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code. 2017-06-15 14:20:29 +12:00
Simon Erkelens
082db89550 Feedback from Damian.
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Damian Mooyman
0cd40ca6e5
BUG Fix minor accessors of legacy ->class property 2017-05-25 11:55:12 +12:00
Damian Mooyman
d15b9ee0b0 Response to feedback 2017-05-23 13:50:35 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
7bc8172bc1 Merge pull request #6937 from caffeineinc/2930-checkboxfield-invalid-html
CheckboxField creates invalid HTML when required #2939
2017-05-22 13:44:58 +12:00
Simon Gow
cdc03602ed CheckboxField creates invalid HTML when required #2939
- Updated CheckboxField, CheckboxSetField, DropdownField, OptionsetField
 to validate with HTML5 attributes & aria-required.

https://www.w3.org/TR/wai-aria/states_and_properties#aria-required
2017-05-22 12:15:28 +12:00
Damian Mooyman
2aa3b5d5fa Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Damian Mooyman
80bff0d099 Merge pull request #6932 from mikenz/pulls/4.0/treedropdownfield-orphaned
Bugfix: Parent treedropdownfield for an orphaned page is broken
2017-05-22 10:53:33 +12:00
Robbie Averill
f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923 API Consistent use of inst() naming across framework 2017-05-19 14:38:06 +12:00
Mike Cochrane
31578d4771 Bugfix: Parent treedropdownfield for an orphaned page is broken 2017-05-19 12:15:36 +12:00
Ingo Schommer
adbf9d9f71 Process actions on Form subclasses
Regression introduced through https://github.com/silverstripe/silverstripe-framework/issues/6362.

Quote from the RFC:

```
Thus the order of action precedence becomes

action callback
action on the Form
action on the FormRequestHandler
action on any parent controller (if given)
```
2017-05-18 22:47:39 +12:00
Damian Mooyman
8ed675d29b Merge pull request #4542 from patricknelson/issue-4417-validator-remove-validation-master
FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling.
2017-05-18 09:27:48 +12:00
Christopher Joe
0534a5ec0c Fix TreeDowndropField copying 2017-05-17 16:52:21 +12:00
Christopher Joe
287ad35f0d Fix change API to hasEmptyDefault() to be inline with SingleSelectField 2017-05-17 10:13:54 +12:00
Christopher Joe
3927e7e248 Fix added cache key for TreeDropdownField cache 2017-05-17 10:13:54 +12:00
Christopher Joe
6869e450a0 Enhancement added customisable emptyTitle and a showRootOption property in TreeDropdownField 2017-05-17 10:13:54 +12:00
Patrick Nelson
5fa3c85280
FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling. 2017-05-16 12:58:00 +01:00
Saophalkun Ponlu
1ec7c4e523 Fix lint error 2017-05-16 11:53:23 +12:00
Saophalkun Ponlu
a975b88661 Pass autofocus flag to front-end 2017-05-16 11:53:23 +12:00
Daniel Hensby
e741af9127
Merge branch 'pull/6905' 2017-05-12 12:21:02 +01:00
Ralph Slooten
43a122cc36 Fix for meta closing tags
Prevent html errors when FormField::create_tag('meta') is called from $MetaTags() so
```
<meta name="generator" content="SilverStripe - http://silverstripe.org"></meta>
```
becomes
```
<meta name="generator" content="SilverStripe - http://silverstripe.org" />
```

Add all void elements to list
2017-05-12 08:49:15 +12:00
Christopher Joe
edcb220e4a Enhancement add EmailLink form factory server-side 2017-05-11 09:57:55 +12:00
Christopher Joe
c58dc97d39 Fix optional $id param because of how methodSchema passes a parameter 2017-05-11 09:57:55 +12:00
Christopher Joe
2ee0d99806 Enhancement switch FormFactories to use RequestHandler instead of Controller 2017-05-11 09:57:55 +12:00
Christopher Joe
403f4db14d Fix change titles to return schema values in schema
Enhancement Add EditorExternalLink call for toolbar
2017-05-11 09:57:55 +12:00
Aaron Carlino
4af71b9ed7 Pulls/4/remove reliance on admin dir (#6876)
* Stop relying on external constants

* Revise getTinyMCEPath method to throw exception when no path can be computed

* Throw exception on no gzip, better admin module check
2017-05-10 13:18:44 +12:00
Saophalkun Ponlu
fd51f35bc2 Update tests 2017-05-09 16:52:32 +12:00
Saophalkun Ponlu
97dac7028c De-couple schema type and type attribute 2017-05-09 16:50:33 +12:00
Sam Minnée
33119a1f36 Merge branch 'master' into pulls/4.0/remove-deprecated-methods 2017-05-09 15:31:53 +12:00
Ingo Schommer
1d438d3fb5 API Remove deprecated FormAction::createTag() 2017-05-09 11:38:35 +12:00
Ingo Schommer
bbf15ab9f1 Allow type override in FormAction 2017-05-09 11:16:41 +12:00
Ingo Schommer
0d9b383631 API Removed legacy form fields (fixes #6099) 2017-05-09 11:16:41 +12:00
Aaron Carlino
afd1575267 ENHANCEMENT GridField passes in context for canCreate 2017-05-09 09:15:09 +12:00
Aaron Carlino
c99ed2d262 Reorganise i18n keys 2017-05-08 23:34:39 +12:00
Uncle Cheese
d51c4891e2 New namespaced i18n keys 2017-04-28 14:59:42 +12:00
Uncle Cheese
494cbd1875 Ran upgrader for lang files 2017-04-28 14:59:42 +12:00
Ingo Schommer
22f232ed4d Mark up <time> in validation errors
Allow better localisation of values in JS
2017-04-27 21:44:52 +12:00
Ingo Schommer
cbe534c675 Fixed component capitalisation 2017-04-27 15:36:18 +12:00
Ingo Schommer
94b49e3e28 Removed unused field 2017-04-27 15:36:11 +12:00
Ingo Schommer
60706c8efd Store $value in ISO and server timezone consistently, fix min/max timezone handling 2017-04-27 14:59:11 +12:00
Ingo Schommer
628fd216ad PHPDoc fixes 2017-04-27 11:56:23 +12:00
Ingo Schommer
f01a20d5c4 Only used normalised ISO on HTML5 2017-04-27 11:56:18 +12:00
Ingo Schommer
de8abe1167 API rename 2017-04-27 11:53:43 +12:00
Ingo Schommer
b852a76334 Consistent schema keys 2017-04-27 11:47:04 +12:00
Ingo Schommer
14b3468eee Removed setting format in getter
That’s already handled in getFormatter()
2017-04-27 11:09:59 +12:00
Ingo Schommer
655b047d80 Removed superfluous methods 2017-04-27 11:09:43 +12:00
Ingo Schommer
d3afa0c3b5 Remove array check since setSubmittedValue() no longer supports it 2017-04-27 10:59:44 +12:00
Ingo Schommer
958736502a Removed “T” str_replace, more comments 2017-04-27 10:32:22 +12:00
Ingo Schommer
1ec2abe75f Fixed timezone and normalised ISO handling
A few observations:
- ISO says “T” is optional (https://en.wikipedia.org/wiki/ISO_8601#cite_note-21),
- WHATWG says in the HTML5 spec that it’s optional (https://html.spec.whatwg.org/multipage/infrastructure.html#local-dates-and-times)
- W3C says it’s reqiured in 1997 (https://www.w3.org/TR/NOTE-datetime), but then later says it’s optional in its HTML5 spec (https://www.w3.org/TR/html5/infrastructure.html#floating-dates-and-times).
- Chrome doesn’t parse values with whitespace separators (requires "T")
- DataObject DBDatetime values and database columns use whitespace separators (and will have many devs relying on this format)
- MySQL only supports whitespace separators (https://dev.mysql.com/doc/refman/5.7/en/datetime.html)
- SQLite can parse both ways (https://sqlite.org/lang_datefunc.html)

So the goal here is to retain ORM/database compatibility with 3.x (whitespace separator),
while exposing "T" separators to the browser in HTML5 mode.

Regarding timezones, this fixes a regression where setValue() would not actually
apply the timezone (last $value assignment is ineffective now that sub fields are removed).
2017-04-26 22:55:29 +12:00
Ingo Schommer
e97783b057 Better second handling 2017-04-26 22:45:08 +12:00
Ingo Schommer
d2132e85db More specific localisations 2017-04-26 22:45:07 +12:00