Commit Graph

1774 Commits

Author SHA1 Message Date
Hamish Friedlander
f2c4a629a7 FIX: ConfirmedPasswordField used to expose existing hash 2014-04-17 11:57:57 +12:00
Damian Mooyman
6d5d3d8cb7 Rewrote usages of error suppression operator 2014-03-05 14:22:19 +13:00
Sean Harvey
5e5a2f8845 Merge pull request #2288 from chillu/pulls/browser-spellcheck
API Disable discontinued Google Spellcheck in TinyMCE (#2213)
2013-10-03 14:42:45 -07:00
Ingo Schommer
bda56eb9b0 Don't link record in GridField form message
This is no longer allowed through Form->sessionMessage() to avoid XSS.
2013-09-30 23:55:32 +02:00
Ingo Schommer
c243418597 API Escape form validation messages (SS-2013-008) 2013-09-24 21:54:31 +02:00
Ingo Schommer
114fb59107 FIX Auto-escape titles in TreeDropdownField
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
2013-09-24 21:40:17 +02:00
Sean Harvey
b383a07f90 BUG Fixing tabindex added to CreditCardField when tabindex is NULL
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
2013-09-24 21:40:17 +02:00
Simon Welsh
c66cc952d2 Correct line length and indentation 2013-08-21 21:27:16 +12:00
Ingo Schommer
0e7231ff60 API Disable discontinued Google Spellcheck in TinyMCE
Replaced by browser-based spellchecking if available (Chrome, Firefox),
with instructions on how to use PSpell as an alternative.
2013-08-03 16:16:45 +02:00
Ingo Schommer
920edf88e7 Test allowedExtensions in UploadField, return correct HTTP status 2013-07-12 13:16:34 +02:00
Ingo Schommer
c85c495848 BUG GridFieldFilterHeader works without non-filterable cols
Previously relied on the presence of a last column which wasn't filterable,
commonly a GridFieldEditButton. If this wasn't present, the filter buttons
were never added, leading to the GridField JS reload request being sent
without the required button form action, so GridFieldFilterHeader->handleAction()
was never called.
2013-05-23 17:48:27 +02:00
Ingo Schommer
933fbf8ea4 l10n key to make "yes" and "no" translatable (see #1749) 2013-04-12 01:11:24 +02:00
Stig Lindqvist
3aced1151f BUG: GridFieldFilterHeader only filters on last filter
GridFieldFilterHeader only filters on the last filter argument because it keeps recloning the original datalist
2013-03-29 20:06:57 +13:00
Ingo Schommer
2787d360c1 FIX "Insert Link" and other TinyMCE loading bugs (fixes #8327)
Caused by SS loading a URL with html entities (&)
through the Requirements API, which only works when directly
inserted into the HTML template (standard behaviour),
but garbles the URL GET parameters when loaded via the jQuery.ondemand
JavaScript/XHR logic.

It didn't fail the request, just meant that tiny_mce_gzip.php wasn't
getting all the required options from the GET parameters.
And since this newly loaded file contains the same JS globals,
it would override previously loaded (correct) state.
2013-03-20 17:58:17 +01:00
Ingo Schommer
25af4adce2 Merge tag '3.0.5' into 3.0 2013-02-20 02:21:41 +01:00
Ingo Schommer
16d0c188ee BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-19 15:48:29 +01:00
Daniel Hensby
b7e34bd54c Removing redundant function
At the moment form actions (buttons) have the classes 'action action' as default. This is because the extraClass function adds 'action' and then calls the parent method. The parent then includes the $this->Type() ('action') again.

So I've removed this overloading of extraClass
2013-02-18 16:38:15 +00:00
Ingo Schommer
92458d9f43 Fixed line lengths 2013-02-18 14:41:49 +01:00
Ingo Schommer
7bb0bbff0e BUGFIX Fixed XSS in admin/security and "My Profile" forms 2013-02-17 23:27:15 +01:00
Ingo Schommer
e21bd49462 BUG TimeField respects user choice (fixes #8260)
Regression from c969e04731.
Also fixes width to accommodate for widest common format:
"11:11:11 AM"
2013-02-17 21:00:02 +01:00
Ingo Schommer
857d8bb8df FIX Don't escape values on TreeDropdownField readonly views
They typically output TreeTitle() which is assumed to be HTML.
2013-02-04 17:15:32 +01:00
Sam Minnee
9a2ba483df BUGFIX: Made CSRF-error wording friendlier. 2013-01-29 18:03:49 +01:00
Sam Minnee
47e037e74c FIX: Removed notice-level error after forms w/ required fields are made readonly. 2013-01-29 18:03:47 +01:00
Ingo Schommer
8717deca82 HTMLEditorField undefined $dimensionsField (fixes #7494)
Also use fluent API for form field definition to keep field invocations
in one place and thereby reduce these kinds of bugs.
2013-01-21 11:11:21 +01:00
Ingo Schommer
5d37d55f35 BUG Form session message clearing regression
Regression originally from 729bcc95, but made visible by 014f541a8
2013-01-21 11:11:21 +01:00
Ingo Schommer
014f541a89 BUG Regression in Form->clearMessage() (fixes #8186)
See 729bcc9
2013-01-15 14:25:07 +01:00
uniun
e020c7be57 BUG doSave() and doDelete() should use translated singular name 2013-01-11 15:50:09 +01:00
Ingo Schommer
42a73715cf Merge pull request #1051 from uniun/patch-3
BUG removeRequiredField() should use array_splice() instead of unset()
2013-01-11 06:45:35 -08:00
Ingo Schommer
9b42dec932 Merge pull request #1072 from sunnysideup/patch-2
adding extension hook in GridFieldDetailForm.php
2013-01-11 06:37:27 -08:00
Ingo Schommer
7dda38742e Merge pull request #1071 from sunnysideup/patch-1
Update forms/TextareaField.php: small edit to description of the field
2013-01-11 06:37:01 -08:00
Ingo Schommer
e7e6c45aee Merge pull request #1082 from sminnee/form-improvements
Form improvements
2013-01-11 02:29:14 -08:00
Ingo Schommer
acc616b2ca Merge pull request #1080 from sminnee/caching-improvements
Caching improvements
2013-01-11 02:00:51 -08:00
Sam Minnee
5b450f7fea NEW: Added replaceExistingFile setting for UploadField.
Sometimes has-one UploadFields can get confused about whether or not there is an existing file that needs deleting.  This setting lets you make a more robust has-one UploadField, where any existing file will be replaced.  It more closely mimics simple single-file upload fields.
2013-01-11 09:29:06 +01:00
Sam Minnee
cc7318fde4 NEW: Added canAttachExisting config option for UploadField.
This is the companion setting to canUpload, letting you control whether existing files from the asset store can be referenced.  It's particularly useful when using UploadField on the front-end.
2013-01-11 09:29:02 +01:00
Sam Minnee
2fdd9a3b13 FIX: Allow images attached to UploadFields to be unlinked without File::canEdit() or File::canDelete() permission.
Although editing meta-data or deleting permanently would require File editing/deleting permissions, merely linking to a record does not.  This change is important for allowing front-end use of UploadField; or, more importantly, use of UploadFile by people without CMS rights.
2013-01-11 09:07:42 +01:00
Ingo Schommer
67c5db3320 NEW Global default config for UploadField 2013-01-11 09:07:42 +01:00
Ingo Schommer
2dfd42795e NEW Restrict upload abilities in UploadField
Conflicts:
	css/UploadField.css
	templates/UploadField.ss
2013-01-11 09:07:42 +01:00
Hamish Friedlander
2916f2043c NEW: Improve HTTP caching logic to automatically disable caching for requests that use the session.
This improvement makes it easier to set a site-wide default cache time without needing to worry about CSRF-protected forms, etc.
2013-01-08 17:47:05 +13:00
Sam Minnee
729bcc95db BUGFIX: Don't clear form messages unless forTemplate() is actually called.
BUGFIX: Clear session-stored form data as well as form error message.
2013-01-08 17:45:17 +13:00
Sam Minnee
abbee41b78 NEW: Add ReadonlyField::setIncludeHiddenField()
The new config setter restores the 2.4 behaviour of including <input type="hidden"> with a field. Although as a default, this option has security flaws; it is useful in a few circumstances and, if nothing else, is handy to make upgrading sites easier.
2013-01-08 17:45:17 +13:00
Sean Harvey
2140a621fb Merge pull request #1067 from halkyon/shorthand_ternary_op
Remove unnecessary variable from TreeDropdownField
2013-01-06 17:20:54 -08:00
Sean Harvey
68eb367d27 Remove unnecessary variable from TreeDropdownField 2013-01-07 14:14:54 +13:00
Nicolaas
a32451f72e adding extension hook in GridFieldDetailForm.php
This hook is useful so that you can add additional fields / actions in a gridfield form that are not available in other settings (e.g. additional actions: previous / next / save and publish / unpublish / etc.)
2012-12-27 19:22:54 +13:00
Justin Martin
f431b35b88 BUG: Confirmed Password Field now copies attributes to child fields. 2012-12-27 09:25:15 +13:00
Nicolaas
3fca288873 Update forms/TextareaField.php
small edit to description of the field (usage).  Removed reference to cols and rows parameters.
2012-12-26 22:29:36 +13:00
Ingo Schommer
661a4a2492 Removed direct sprintf() usage from _t() calls
Parameterized strings are easier to understand,
and more fail-proof, don't fatal out when not enough sprintf() args
2012-12-21 11:46:38 +01:00
uniun
6aba24b3e9 BUG removeRequiredField() should use array_splice() instead of unset()
Function unset() preserves numeric keys and method removeRequiredField() will give a PHP notice about nonexistent array key and loop won't iterate throughout all elements in array on second method call (and all subsequent).
So it's better to use foreach loop and array_splice() function (it doesn't preserve numeric keys).
2012-12-18 11:57:11 +02:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
434759cc83 BUGFIX Correct redirection URL on deletion in GridFieldDetailForm 2012-11-16 15:32:17 +13:00
Ingo Schommer
bd0e597ac6 Use button tag for delete button in GridFieldEditForm 2012-11-16 15:32:17 +13:00