Commit Graph

416 Commits

Author SHA1 Message Date
Andrew O'Neil
9bf3ae9a19 SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed. 2012-05-03 17:08:08 +02:00
Sam Minnee
921bf9a439 ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. 2012-02-03 09:39:10 +13:00
Ingo Schommer
252e187015 SECURITY Escape links for SilverStripeNavigatorItem 2012-01-31 15:55:30 +01:00
Ingo Schommer
5fe7091dff SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages 2012-01-31 15:54:59 +01:00
Sean Harvey
c336545cd7 BUGFIX Checking for existence of draft and live records in SilverStripeNavigatorItem_ArchiveLink->getHTML() (from r115130)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115442 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:07 +13:00
Sean Harvey
b81cae875a BUGFIX Fixed edge case bug where SilverStripeNavigatorItem would fail if a page was not published, and the navigator archive link was generated
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115437 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
2962fb8d13 BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115188 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Sean Harvey
521a76b880 BUGFIX #6219 Director::direct() validation fails for doubly nested file fields (thanks ajshort!) (from r114921)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114922 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
f79c6aeb83 BUGFIX Don't allow HTML formatting in RequestHandler->httpError() by sending "Content-Type: text/plain" response headers. (from r114444)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114445 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
30e3f08efb MINOR Checking for class_exists() before SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists (from r114332)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
43c85e3c9a ENHANCEMENT Added SS_HTTPResponse->setStatusDescription() as equivalent to setStatusCode(). Added documentation.
BUGFIX Strip newlines and carriage returns from SS_HTTPResponse->getStatusDescription() (fixes #6222, thanks mattclegg) (from r114082)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114083 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Sean Harvey
47227a9395 BUGFIX ContentController::SiteConfig() should look to the SiteTree record so an alternate SiteConfig is considered, if this method doesn't exist on the data record then fall back to the default SiteConfig
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111255 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:53 +13:00
Sean Harvey
451fa7664b MINOR Spelling corrections to Director comments
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111123 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:52 +13:00
Mateusz Uzdowski
0e60353e05 BUGFIX: makeRelative would return "false" for the root path, empty string is expected - fix that
BUGFIX: change the check in forceSSL to work on Windows - it sets the $_SERVER['https'] to off, instead of null

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109712 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:47 +13:00
Sean Harvey
9d33d6abaa MINOR Doc update for Director::forceSSL()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109152 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:46 +13:00
Sean Harvey
8b8df80ccb MINOR Fixed tests not working on the web side as redirection to https would occur
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108666 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:44 +13:00
Sean Harvey
c7bef99190 BUGFIX Undefined variable destURL in Director::forceWWW() (regression from r107094)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108492 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:43 +13:00
Sean Harvey
54f6acfc21 MINOR Fixed Director::forceSSL() breaking unit tests because headers were already sent
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108435 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:43 +13:00
Sean Harvey
c52529215f ENHANCEMENT #2856 Limiting of relative URLs for Director::forceSSL() using a map of PCRE regular expressions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108428 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:42 +13:00
Sean Harvey
b4101984e4 BUGFIX Fixed ContentNegotiator to handle HTML and XHTML base tags properly when converting, regression from r108413
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108421 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:42 +13:00
Carlos Barberis
dc8dee7dd9 BUGFIX: Added condition to avoid error creating "PastMember" cookie on dev/build (ticket #5780) Thanks simon_w
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108397 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:41 +13:00
Ingo Schommer
5a8f4b4605 MINOR Added warning about Director::set_dev_servers()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108049 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:40 +13:00
Sam Minnee
36bdb52823 BUGFIX: Don't have any host-based dev servers set by default.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108027 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:40 +13:00
Ingo Schommer
78ac0fe3d6 ENHANCEMENT Allowing custom messages and permission codes in BasicAuth::protect_entire_site()
ENHANCEMENT Making $permissionCode argument optional for BasicAuth::requireLogin(). If not set the logic only checks for a valid account (but no group memberships)
ENHANCEMENT Using SS_HTTPResponse_Exception instead of header()/die() in BasicAuth::requireLogin() to make it more testable

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107867 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:38 +13:00
Will Rossiter
f7f237f119 ENHANCEMENT: abstracted protocol detection out to Director::protocol() #5450
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107094 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:33 +13:00
Will Rossiter
c6364e5548 BUGFIX: prevented HTTPRequest->shift() throwing notices when shifting multiple elements. APICHANGE: SS_HTTPRequest->shift($multiple) no longer returns an array of size $multiple spaced with nulls, it returns an array up to the size of $multiple.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107090 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:33 +13:00
Will Rossiter
b834248ddc BUGFIX: fixed notice level errors getting through
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107089 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:33 +13:00
Carlos Barberis
20fe6e8f6f BUGFIX: reverted revision 105890 to fix build
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@105903 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:29 +13:00
Carlos Barberis
3bbcb31364 ENHANCEMENT: Added method for $this->request->latestParam() backwards compatibility with Director::urlParam()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@105890 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:29 +13:00
Sam Minnee
22e310dacd BUGFIX: Director::test() shouldn't break if $_SESSION isn't set.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104670 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:22 +13:00
Sam Minnee
bb5a333837 BUGFIX: Generate stage/live links using Controller::join_links() instead of string concatenation.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104581 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:21 +13:00
Sam Minnee
d8b6b59ebd BUGFIX: Fixed Controller::join_links() handling of fragment identifiers
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104580 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:21 +13:00
Sam Minnee
4fd6d3ad39 BUGFIX: When finding an old page in the 404 handler, favour existing subpages over historical ones.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104468 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:21 +13:00
Sam Minnee
2bc1af1752 BUGFIX: Fix legacy URL redirection for pre-nestedurls URLs, after it has been enabled.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104463 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:21 +13:00
Luke Hudson
2e6451f99b MINOR: Recognize and allow HTTP/422 response code
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104092 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:19 +13:00
Ingo Schommer
c8163eb609 BUGFIX Renamed Nested URLs are automatically redirected to their new location with 301 HTTP status code in ModelAsController/ContentController (fixes #5393, thanks cbarberis)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103461 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:15 +13:00
Ingo Schommer
6410432a3a BUGFIX Only replace double slashes in SS_HTTPRequest->__construct() for relative URLs; it's a failsafe against wrongly formatted URLs like 'admin//assets' instead of 'admin/assets', but breaks absolute URLs with 'http://' prefix
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103099 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:13 +13:00
Mateusz Uzdowski
2889e57590 BUGFIX: disallow numeric actions - numeric array indexes are incorrectly picked up as allowed actions (#5331)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103092 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:13 +13:00
Ingo Schommer
0b44d49167 MINOR Using canView() instead of deprecated can('view') in ContentController
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102909 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:12 +13:00
Ingo Schommer
a948824c43 BUGFIX Fixing RequestHandler->checkAccessAction() on PHP 5.2 - ReflectionMethod->class returns inconsistent results in older PHP versions. (see r102003)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102730 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:12 +13:00
Ingo Schommer
3588f6cf16 BUGFIX Using i18n::get_locale() in ContentController->ContentLocale() to ensure the correct locale can be used in templates without Translatable enabled (broken in r97207, thanks DesignCity) (from r102544)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102545 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:12 +13:00
Ingo Schommer
09353a2b6c MINOR Fixed indentation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102009 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:10 +13:00
Ingo Schommer
c85b71623a BUGFIX Prevent handling of controller actions which return $this, to avoid infinite loops in RequestHandler->handleRequest (thanks Hamish!)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102004 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:10 +13:00
Ingo Schommer
4c74f45361 API CHANGE Disallow methods/actions in RequestHandler->checkAccessAction() which are implemented on parent classes (e.g. ViewableData and Object), unless access is controlled through $allowed_actions. This limits information exposure from getters used in template contexts.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102003 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:10 +13:00
Ingo Schommer
9ae7fe67a5 BUGFIX Checking for existing redirections in FormResponse::respond (fixes #5208)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101958 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:10 +13:00
Geoff Munn
deaa1d675e BUGFIX: disable function re-enabled
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101792 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:08 +13:00
Mateusz Uzdowski
89c7430600 BUGFIX: put back into the SSNavigator the archived site link (#5251)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101623 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:06 +13:00
Will Rossiter
28c0d8171b MINOR: fixed notice level error
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101600 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:06 +13:00
Sean Harvey
4a516d8eed MINOR Removed rewritest.php places in sapphire since it's no longer part of the phpinstaller/branches/2.4 package
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101353 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:05 +13:00
Ingo Schommer
a3812e28a5 MINOR Fixed missing closing <div> in ContentController->successfullyinstalled()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101254 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:04 +13:00