Commit Graph

274 Commits

Author SHA1 Message Date
Sam Minnee
3510b60ab8 Added 3.1.0-rc1 changelog 2013-08-09 14:25:58 +12:00
Ingo Schommer
7a117fe713 Added 3.0.6-rc1 changelog 2013-08-07 20:55:10 +02:00
Ingo Schommer
a213afd888 Added 3.0 changelog 2013-08-07 20:16:59 +02:00
Ingo Schommer
2a35f2f928 Merge remote-tracking branch 'origin/3.1' 2013-08-07 17:34:11 +02:00
Ingo Schommer
afe06661ef Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/templates/Includes/LeftAndMain_Menu.ss
	admin/templates/Includes/ModelAdmin_ImportSpec.ss
	admin/templates/Includes/ModelAdmin_Tools.ss
	admin/templates/LeftAndMain.ss
	admin/templates/ModelSidebar.ss
	i18n/i18n.php
	templates/ComplexTableField.ss
	templates/ComplexTableField_popup.ss
	templates/FileIFrameField_iframe.ss
	templates/Includes/GridFieldItemEditView.ss
	templates/Includes/TableListField_PageControls.ss
	templates/RelationComplexTableField.ss
	templates/TableField.ss
	templates/TableListField.ss
2013-08-07 17:14:47 +02:00
Ingo Schommer
00ffe72944 Translations: Switch to Transifex format
- Based on new (last) translation download from getlocalization.com
- Removed untranslated strings. Getlocalization started including those at some point
which is highly annoying, unnecessary and breaks the new transfix system,
since it'll mark all of the english strings as actual translations
- Avoid dots in entities. It confuses the Transifex YML parser
- Removed some locales unknown to Transifex which didn't have any translations anyway
- Removed "lolcat" locale, uses custom notation (en@lolcal)
  which SilverStripe's i18n system can't handle
  (needs mapping from SS naming to Zend naming)
- Renamed "Te Reo/Maori" locale from "mi_NZ" to "mi" (Transifex/CLDR notation)
- Namespaced all entities used in templates (deprecated usage)
- Converted dots to underscores where template filenames are used for namespaces,
since Transifex YML parsing handles them as separate YML keys otherwise
- Removed whitespace in entity names, SilverStripe i18n can't handle it
- Only allow selection of locales registered through i18n::$all_locales to avoid
  issues with unknown locales in Zend's CLDR database
2013-08-07 00:25:16 +02:00
Ingo Schommer
542728cd94 Merge remote-tracking branch 'origin/3.1' 2013-08-03 19:47:32 +02:00
Ingo Schommer
0e7231ff60 API Disable discontinued Google Spellcheck in TinyMCE
Replaced by browser-based spellchecking if available (Chrome, Firefox),
with instructions on how to use PSpell as an alternative.
2013-08-03 16:16:45 +02:00
Ingo Schommer
97e6108fa9 Changelog note on form method limitations
See 14c59be85e.
Raised by Fara Rustein of Deloitte Argentina (CVE-2013-2653).
2013-08-01 15:48:51 +02:00
Hamish Friedlander
0a79ac3592 Merge branch 'origin/3.1'
Conflicts:
	templates/forms/CheckboxSetField.ss
	templates/forms/FormField_holder.ss
	templates/forms/OptionsetField.ss
2013-07-19 16:25:38 +12:00
Hamish Friedlander
d38bd7d5cb Merge branch 'origin/3.0' into 3.1 2013-07-19 14:18:49 +12:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Simon Welsh
fbce9fd7cd Merge branch '3.1'
Conflicts:
	.travis.yml
	docs/en/misc/contributing/code.md
	javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Hamish Friedlander
dacb2aa638 FIX HtmlEditorField not re-checking sanitisation server side 2013-07-04 08:53:23 +12:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
94b4237372 Merge remote-tracking branch 'origin/3.1' 2013-06-19 11:17:33 +02:00
Sean Harvey
726e4c313e Merge pull request #2084 from chillu/pulls/cmsform
Handle ValidationException on CMS forms
2013-06-18 14:41:51 -07:00
vikas srivastava
2f16d93d48 Update 3.1.0.md
I was trying 
Member:
  extensions:
    MyMemberExtension

And it didn't work then someone on IRC pointed that I need to put a '-' before values. So this works.
Member:
  extensions:
    - MyMemberExtension
Hope will help someone else.
2013-06-17 14:21:46 +05:30
CheeseSucker
091e34e2e8 [MINOR] Typo 2013-06-15 02:49:52 +03:00
Ingo Schommer
9d4b8f61ca Note about IE10 support 2013-06-13 10:27:19 +02:00
Ingo Schommer
bfff11eb9c API New CMSForm class to allow validation responses in CMS (fixes #1777)
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814).
2013-06-13 07:51:05 +02:00
Ingo Schommer
5a1d476e8d Merge branch 'idvalidattr' of git://github.com/wilr/sapphire into wilr-idvalidattr 2013-05-31 19:27:19 +02:00
Ingo Schommer
88536998b9 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
2013-05-31 18:08:59 +02:00
Damian Mooyman
163917b83e Fixed scrutiniser issues 2013-05-27 15:42:10 +12:00
Damian Mooyman
7f057ce343 API UploadField functions on new records
Fixed regression from 1e5d40474d (UploadField::canPreviewFolder).
Merged in pull request #2009 - (6018bdd631).
Merged pull request #1259 (34bfc862ee).
2013-05-27 15:22:59 +12:00
Will Rossiter
ca87b8b794 API: Form Field ID attribute should follow HTML specification
Fixes: http://open.silverstripe.org/ticket/4431.

Changes Form and Form Field classes to make use of Convert::raw2htmlid() which follows http://www.w3.org/TR/REC-html40/types.html#type-cdata.

Introduces a FormTemplateHelper class to assist in these sort of updates in the future.
2013-05-26 11:11:55 +12:00
Simon Welsh
e90012787d Merge branch 'hackfest_may_2013' of https://github.com/NightJar/sapphire into 3.1
Conflicts:
	docs/en/changelogs/3.1.0.md
2013-05-25 20:07:54 +12:00
Nightjar
5ec8158977 Check that Webserver is not Apache/1.x in light of installer assets/.htaccess alterations 2013-05-25 20:03:36 +12:00
Stephen Shkardoon
5e5b892043 Note for magic quotes change 2013-05-25 20:02:51 +12:00
Sam Minnee
d97ca43cd0 Merge branch '3.1'
Conflicts:
	README.md
	dev/install/install.php5
	forms/ConfirmedPasswordField.php
	tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Damian Mooyman
6e0e3564e1 NEW Added beforeExtending, afterExtending, and beforeUpdateCMSFields to allow user code better control over interaction with extending methods 2013-05-16 10:34:45 +12:00
Ingo Schommer
3b02d22989 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	dev/CsvBulkLoader.php
2013-05-09 10:34:20 +02:00
Will Morgan
a5b04ba334 Updating docs for Security template changes
See https://github.com/silverstripe/sapphire/pull/1807
2013-05-08 11:52:36 +01:00
Ingo Schommer
6c2e791a48 Merge remote-tracking branch 'origin/3.1' 2013-04-29 08:59:06 +02:00
Sam Minnee
eb583c5f14 NEW: Added DataObject::getQueriedDatabaseFields() as faster alternative to toMap()
API: CompositeDBField::setValue() may be passed an object as its second argument, in addition to array.

These changes provide a 15% - 20% performance improvement, and as such justify an small API change in the 3.0 branch. It will likely affect anyone who has created their own composite fields, which is fortunately not all that common.
2013-04-21 13:39:11 +12:00
Ingo Schommer
6e3a150424 3.1.0-beta3 changelog 2013-04-18 19:28:13 +02:00
Ingo Schommer
d877c1063d Updated changelog, moved "statics in Page.php" to top
Its going to be a fatal error on every upgrade unless tended to,
so we need to ensure people don't overlook it in the guide.
2013-04-18 18:28:09 +02:00
Ingo Schommer
0343a77d30 Merge remote-tracking branch 'origin/3.1' 2013-04-11 11:42:04 +02:00
Ingo Schommer
ae09301c8c Revert deprecation of Object::add_extension() usage
This reverts commit 14b997eea3.
Its just not practical to use the Config API as it stands,
the add_extension() wrapper does more than just a Config->update().

Most use cases can be covered via YML, but any conditional
additions (e.g. in unit tests) can still benefit from the
add_extensions() shorthand.
2013-04-11 11:40:53 +02:00
Ingo Schommer
14b997eea3 API Deprecated Object::add_extension() usage (as of 3.2) 2013-04-09 15:00:34 +02:00
Ingo Schommer
baca12bf37 3.1 changelog summaries 2013-04-09 13:36:39 +02:00
Ingo Schommer
01f46d039f NEW Enforce max node counts to avoid excessive resource usage
Rendering potentially 1000s of nodes can exceed the CPU and memory constraints
of a normal PHP process, as well as the rendering capabilities of browsers.
Set a hard maximum for the renderable nodes, deferring to a "show as list" action
in the main CMS tree. For TreeDropdownField, we don't have the list fallback option,
so ask the user to search for the node title instead.

Also makes both the "node_threshold_total" and "node_threshold_leaf" values configurable
2013-04-09 10:24:18 +12:00
s-m
6a95db0eff API: Support inequalities in templates
This adds support for <, <=, >, >= in templates
2013-04-08 17:07:39 +02:00
Ingo Schommer
f296439a24 NEW Hints for scaffolded date/time fields 2013-04-08 19:38:50 +12:00
Ingo Schommer
828ac7fe4f API Replaced SSViewer.custom_theme with SSViewer.theme_enabled
Since we can't influence the setting of configuration values,
we also can't set/unset the 'custom_theme' value based on which
theme is set. This means the 'custom_theme' value goes stale,
and we can't rely on it e.g. in FilesystemPublisher.

The 'theme_enabled' toggle is a cleaner solution to the same problem,
since the 'custom_theme' was really just a way to remember the original
theme, while still disabling it. The toggle makes this more explicit,
but also requires users of the 'theme' setting to check for it.
2013-04-07 23:59:10 +02:00
Ingo Schommer
afb8465d05 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
2013-03-29 17:37:19 +01:00
Ingo Schommer
e97c034922 API i18n::$common_languages and i18n::$common_locales converted to Config API
They are now accessed via the Config API, and contain associative rather than indexed arrays.
Before: `array('de_DE' => array('German', 'Deutsch'))`, after: `array('de_DE' => array('name' => 'German', 'native' => 'Deutsch'))`.

Also fixed a i18n.js_i18n config accessor
2013-03-27 20:42:46 +01:00
Ingo Schommer
538bf01860 Merge remote-tracking branch 'origin/3.1' 2013-03-27 12:12:16 +01:00
Ingo Schommer
8b4fb6ef0f Clarified 3.1 upgrading docs 2013-03-26 19:01:36 +01:00
Ingo Schommer
b0d3f7f3a2 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	api/RSSFeed.php
	dev/SapphireTest.php
	tests/control/RequestHandlingTest.php
2013-03-26 10:46:41 +01:00
Ingo Schommer
4ea98ae440 Removed Object::*_extension() non-LSB deprecation
Its just a simplication, and unnecessarily complicates
module compatibilities.
2013-03-26 00:31:25 +01:00
Ingo Schommer
7470f5e0b6 More upgrading notes about 3.1 and statics 2013-03-25 22:09:21 +01:00
Ingo Schommer
c8f26e673a 3.1 changelog improvements 2013-03-25 09:52:55 +01:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
81a51331d6 IX Load _config.php's after static config manifest
This allows more sophisticated handling of config alterations
in _config.php. One example is additions to DataObject::$db
based on configuration which requires some processing.

See https://github.com/unclecheese/TranslatableDataObject/blob/master/TranslatableDataObject.php
2013-03-21 00:16:36 +01:00
Ingo Schommer
5b83de4049 Added note about deprecations to 3.1 upgrading guide 2013-03-20 10:28:39 +01:00
Ingo Schommer
53c84ee1fe Merge remote-tracking branch 'origin/3.0' into 3.1 2013-03-19 14:04:29 +01:00
Ingo Schommer
99ca0471f7 Merge remote-tracking branch 'origin/2.4' into 3.0
Conflicts:
	control/RequestHandler.php
	core/control/ContentController.php
	dev/CsvBulkLoader.php
	docs/en/changelogs/index.md
	docs/en/reference/execution-pipeline.md
	docs/en/topics/commandline.md
	docs/en/topics/controller.md
	docs/en/topics/form-validation.md
	docs/en/topics/forms.md
	docs/en/topics/security.md
	model/MySQLDatabase.php
	security/Security.php
	tests/control/ControllerTest.php
	tests/control/RequestHandlingTest.php
2013-03-19 13:56:04 +01:00
Andrew Short
94f209eb74 Merge branch '3.1' 2013-03-19 22:36:47 +11:00
Ingo Schommer
250834d9d2 Updated browser requirements, dropping IE7 support
See https://groups.google.com/forum/?fromgroups=#!topic/silverstripe-dev/GahZfDLvb-I
2013-03-18 14:33:43 +01:00
Andrew Short
bc941c18b6 Merge branch '3.1' 2013-03-15 21:58:37 +11:00
Hamish Friedlander
a2845735b0 Update 3.1.0 upgrading notes for casting changes 2013-03-14 12:49:34 +13:00
Sam Minnée
09377f0ba4 Added upgrade note for config static immutability
Config statics are now immutable for performance, this requires an upgrade change.
2013-03-13 11:22:41 +13:00
Ingo Schommer
53e988bb09 Merge remote-tracking branch 'origin/3.1.0-beta2' into 3.1 2013-03-12 10:45:44 +01:00
Ingo Schommer
ce66bc1eaf Merge remote-tracking branch 'origin/3.1'
Conflicts:
	tests/travis/before_script
2013-02-27 13:34:03 +01:00
Ingo Schommer
bea1b9002d Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/HTTP.php
2013-02-26 13:28:35 +01:00
Sam Minnee
50f36447a9 Merge branch '3.1' 2013-02-25 16:59:37 +13:00
Ingo Schommer
9ceef6be07 Added changelog 2013-02-20 00:39:00 +01:00
Ingo Schommer
876c660018 Merge pull request #1195 from chillu/pulls/deprecate-scheduled-tasks
API Deprecated ScheduledTask and subclasses
2013-02-19 01:01:53 -08:00
Ingo Schommer
43fb566388 Note about RestfulService SSL verification in upgrading guide 2013-02-18 15:59:15 +01:00
Ingo Schommer
bb724c43b9 Merge pull request #1142 from chillu/pulls/remove-auto-controller-routing
API Removed auto-routing of controller name
2013-02-18 05:30:37 -08:00
Ingo Schommer
957469d770 API Removed auto-routing of controller name
Use custom routing rules to achieve this effect (see changelog)
2013-02-18 14:29:47 +01:00
Ingo Schommer
af96432c1e Merge remote-tracking branch 'origin/3.1'
Conflicts:
	api/RSSFeed.php
2013-02-18 14:18:54 +01:00
Ingo Schommer
88867cdd23 API Deprecated ScheduledTask and subclasses
Base CliController or BuildTask instead, with custom cron job intervals.
2013-02-18 14:01:15 +01:00
Hamish Friedlander
7ec8ebbf9e Add 3.1.0-beta2 changelog 2013-02-18 17:09:22 +13:00
Hamish Friedlander
5fd55a50f2 API Tighten up allowed_actions
allowed_actions is now only allowed to reference public methods defined
on the same Controller as the allowed_actions static, and
the wildcard "*" has been deprecated
2013-02-18 14:53:33 +13:00
Hamish Friedlander
7efae6b95f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
Ingo Schommer
37b8034462 Fixed changelog 2013-02-18 01:34:51 +01:00
Ingo Schommer
ad9f26a00f Updated changelog 2013-02-18 01:29:30 +01:00
Ingo Schommer
62987139d4 Updated changelog 2013-02-18 01:19:33 +01:00
Ingo Schommer
56ad1d027e Updated changelog 2013-02-18 01:03:57 +01:00
Ingo Schommer
f06ba70fc9 BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:30:36 +01:00
Ingo Schommer
303352926b 3.0.4 changelog update 2013-02-17 23:28:22 +01:00
Ingo Schommer
50995fbecb BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:16:22 +01:00
Ingo Schommer
ede381326b BUG Secure composer files from web access (fixes #8011)
Already applied to root .htaccess, but required for dynamically
generated file from installer as well. Also added upgrade instructions.
2013-02-17 22:33:04 +01:00
Ingo Schommer
d969e29d00 API Require ADMIN for ?showtemplate=1 2013-02-12 23:26:04 +01:00
Ingo Schommer
634c91c6ff Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	email/Mailer.php
2013-01-30 12:46:24 +01:00
Nicolaas
7f4541e9f0 Update docs/en/changelogs/3.0.0.md
minor typo
2013-01-29 17:11:47 +01:00
Will Rossiter
503ad4a2e2 Added note about reports API change in 3.2.0 changelog 2013-01-17 21:54:33 +13:00
Ingo Schommer
f72a024af5 Updated changelog notes 2012-12-18 10:40:05 +01:00
Ingo Schommer
0d37cd3e69 Updated changelog 2012-12-17 16:40:33 +01:00
Ingo Schommer
407a19cdb6 Beta changelog links 2012-12-17 14:27:31 +01:00
Ingo Schommer
75b0c3ec8f Added 3.1.0-beta1 changelog 2012-12-17 00:47:36 +01:00
Ingo Schommer
1848d7e90a API Check model permissions in GridField 2012-12-17 00:46:51 +01:00
Ingo Schommer
d13c53fda6 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	tests/model/DataQueryTest.php
2012-12-14 10:57:28 +01:00
Ingo Schommer
6f9d01f621 API FormField->setDescription() visible in default template
Renders into <span class="description"> instead of "title" attribute
2012-12-14 01:58:04 +01:00
Ingo Schommer
b65180a7f6 Changelog update for grouped CMS buttons 2012-12-14 01:56:24 +01:00
Hamish Friedlander
27113f82c3 API Make DataList and ArrayList immutable
In 3.0 there was some confusion about whether DataLists and ArrayLists
were mutable or not. If DataLists were immutable, they'd return the result, and your code
would look like

  $list = $list->filter(....);

If DataLists were mutable, they'd operate on themselves, returning nothing, and your code
would look like

 $list->filter(....);

This makes all DataLists and ArrayList immutable for all _searching_ operations.
Operations on DataList that modify the underlying SQL data store remain mutating.

- These functions no longer mutate the existing object, and if you do not capture the value
returned by them will have no effect:

  ArrayList#reverse
  ArrayList#sort
  ArrayList#filter
  ArrayList#exclude

  DataList#dataQuery (use DataList#alterDataQuery to modify dataQuery in a safe manner)
  DataList#where
  DataList#limit
  DataList#sort
  DataList#addFilter
  DataList#applyFilterContext
  DataList#innerJoin
  DataList#leftJoin
  DataList#find
  DataList#byIDs
  DataList#reverse

- DataList#setDataQueryParam has been added as syntactic sugar around the most common
cause of accessing the dataQuery directly - setting query parameters

- RelationList#setForeignID has been removed. Always use RelationList#forForeignID
when querying, and overload RelationList#foreignIDList when subclassing.

- Relatedly,the protected variable RelationList->foreignID has been removed, as the ID is
now stored on a query parameter. Use RelationList#getForeignID to read it.
2012-12-14 13:30:35 +13:00
Ingo Schommer
644cc79ebb API Removed methods previously deprecated in 3.0 2012-12-14 01:16:47 +01:00
Ingo Schommer
c6b1d4aa6b API Storing alternative DB name in cookie rather than session
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.

Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.

Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
2012-12-13 23:21:48 +01:00