Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.
Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
urlRewriter will expect a callable as a second parameter,
but will work with the current api and simply raise a deprecation error.
HTTP::absoluteURLs now correctly rewrites urls into absolute urls. Resolves introduced in c56a80d6ce
HTTP::absoluteURLs now handles additional cases where urls were not translated.
Test cases for HTTP::absoluteURLs added for both css and attribute links.
Cleaned up replacement expression and improved documentation.
This reverts commit 356a367eb5.
We can't use headers_sent() to determine an accurate
content length, since PHP defaults to buffering a couple of bytes
even without ob_start() (see "output_buffering" setting).
This makes the patch harmful, since it breaks any responses relying
on more structure data, like removing closing brackets from JSON.
Which in turn breaks the CMS in horrible ways (see #8010).
See #7574 for context.
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
These APIs are primarily intended to let developers write custom 404 handlers. They can define an onBeforeHTTPError404() method on an Extension that gets added to Controller or RequestHandler.
The SS_HTTPResponse_Exception object has also been tidied up to override the status info of any SS_HTTPResponse object that might get passed. This is mainly to make it easier for callers (such as ContentController and ModelAsController) to use RequestHandler::httpError() more consistently.
CMSProfileController currently checks canView() which ensures that a logged in CMS
Member can access the profile controller, but when saving the record on Member_ProfileForm
there is no check for canEdit(), so extended permissions don't get respected.
This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests
to check permissions.
ADDED: HTTP_Request::params() to retrieve all (shifted) params used in the request
FIXED: Issue where route-table level arguments would not be accessible without using non-deprecated API.
ADDED: Test case to test the above items
UPDATED: Extended Director::test to allow for the retrieval of the request object
UPDATED: Deprecated notice on Director::urlParam and Director::urlParams
REMOVED: Unused variable
FIXED: Coding convention conformity
This allows arguments to be passed along in an $allowed_actions deceleration of
the form 'action' => '->method' in the same way that arguments can be passed to
extension constructors when adding them using $extensions or
Object::add_extension.
I.e. 'action' => '->checkerMethod(false, 7, 2, "yesterday") would call the
checkerMethod method with the boolean false the numbers 7 and 2 and the string
"yesterday" as its arguments.
See http://open.silverstripe.org/ticket/6672. Expanded on initial patch with test coverage. Fixes another one of the commented out cases in the test by picking up URL's which do not include a protocol.
This also removes the $global_mimetypes that was generating weird errors when both HTTP and Mailer classes tried to modify and use it.
Support of finfo should be straightforward since PHP 5.3 includes that module that default
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.
MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
API CHANGE: Simplified state handling so that it's just a key store. Affectors are replaced with GridField_ActionProviders. API CHANGE: Removed GridField state manipulation actions instead opting for GridField_ActionProvider actions.
API CHANGE: Removed support for modifiers that add "body" rows, instead having core support for generating the body rows hardcoded into the GridField.
API CHANGE: Allow modification of columns across the whole GridField with the GridField_ColumnProvider interface.
API CHANGE: Renamed GridField_AlterAction to GridField_Action, and added actionName/args parameters, since it can be used for all actions (including batch actions and row actions)
API CHANGE: Removed GridFieldRow class.
From: Andrew Short <andrewjshort@gmail.com>
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95902 467b73ca-7a2a-4603-9d3b-597d59a354a9
MINOR: Replaced usage of renamed classes with the new namespaced name.
From: Andrew Short <andrewjshort@gmail.com>
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90075 467b73ca-7a2a-4603-9d3b-597d59a354a9
MINOR fix a test that makes no sense
MINOR a couple bugs around embargo/expiry have been fixed (from r85505)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89159 467b73ca-7a2a-4603-9d3b-597d59a354a9
From: Andrew Short <andrewjshort@gmail.com>
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88498 467b73ca-7a2a-4603-9d3b-597d59a354a9
MINOR: Deprecated RootURLController::get_homepage_urlsegment() in favour of get_homepage_link().
MINOR: Updated SiteTree->RelativeLink() to return a link to the site root for the home page.
From: Andrew Short <andrewjshort@gmail.com>
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88496 467b73ca-7a2a-4603-9d3b-597d59a354a9
From: Andrew Short <andrewjshort@gmail.com>
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88483 467b73ca-7a2a-4603-9d3b-597d59a354a9
BUGFIX Limiting RootURLController to just trigger Translatable if no DomainForHomepage value is found
BUGFIX Using $locale parameter in Translatable::get_homepage_urlsegment_by_locale()
BUGFIX Updated enabling mechanism in Translatable->alternateGetByUrl()
MINOR Removed HTTP_HOST setting in TranslatableTest, wasn't necessary
API CHANGE Deprecated Translatable::get_homepage_urlsegment_by_language(), use get_homepage_urlsegment_by_locale()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75328 467b73ca-7a2a-4603-9d3b-597d59a354a9
svn://svn.silverstripe.com/silverstripe/modules/sapphire/branches/2.2.0-mesq
........
r47488 | ischommer | 2007-12-21 16:03:04 +1300 (Fri, 21 Dec 2007) | 1 line
in fileExists(): replace any appended query-strings, e.g. /path/to/foo.php?bar=1 to /path/to/foo.php
........
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@52186 467b73ca-7a2a-4603-9d3b-597d59a354a9