Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
Added tests to RequiredFields and fixed bugs that were found
Now you:
1. Can't add the same field name many times
2. Can use append RequiredFields correctly without fear of duplicates
I've also added a Deprecation warning to $useLabels as it's not used
*anywhere* in framework
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
Related to SS-2013-009. While the default "TreeTitle" was escaped
within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title
weren't escaped. The new logic uses the underlying casting helpers
on the processed objects.
The tabindex increment *should* only be done if there is a tabindex
that has been set on a CreditCardField already, otherwise it breaks
the tab ordering.
- Prevent circular references in `GridFieldAddExistingAutocompleter` when linking DataObjects whose ID matches the current object to which the gridfield is attached.
Due to the recent change of translations to transifex, some
locales changed their names, which prompted a fix to
i18n::get_available_translations() (see 00ffe7294).
This caused a regression where short locales are determined
from the YAML file names (e.g. "en"), but weren't matched up
with fully qualified locales from get_available_translations() (e.g. "en_US").
Since this list is used in the admin/myprofile dropdown for the Member.Locale value,
it didn't match up with any entries and defaulted to the first one ("Africaans").
Note that the behaviour of admin/myprofile is still a bit weird:
It defaults the locale on new members to the one set for the current administrator.
So if a site defaults to en_US in _config.php, but the admin happens to view
his backend in de_DE, all members he creates default to de_DE as well.
Thanks to @tractorcow for contributing and peer reviewing!
This is a workaround in order to ensure the field stays operational
for SiteTree and File records with the new $showSearch=true default.
Previously it was necessary to use setSearchCallback(), otherwise
the SQL query would fail. One limitation to keep this change generic
is that "MenuTitle" won't be used to search, since its SiteTree specific,
while the "Title" and "Name" fields are generally regarded as
model conventions (e.g. they're used in DataObject->getTitle() as well).
See https://github.com/silverstripe/silverstripe-framework/pull/2364
Set search option true on treedropdown fields by default, to provide a
fallback solution when trees fail to render (too many children errors)
Provide better indication/more meaningful styling to search (match
chosen styles for consistency)
Allow DataList::limit() to take a null value to remove the limit.
Added tests for limit(). Note the one failure, currently the ORM doesn't support unlimited values with an offset.
This resulted in an error since the returned class name did not exist.
Note that this only happened when someone subclassed GridFieldDetailForm
and did not subclass GridFieldDetailForm_ItemRequest.
When submitting a Datefield with no value but with a min / max config date, the validate() function attempts to access a function on $this->valueObj (which is a non-object)
Each CSS class passed in to `addExtraClass` or `removeExtraClass` will be set as their own key in the `extraClasses` array
Also make `Form` consistent with `FormField`
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk
Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.
Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
Remove all top/bottom margins from buttons and apply to GridFieldButtonRow component. Ensure that all buttons are added to a suitable GridFieldButtonRow in ModelAdmin, SecurityAdmin and Group.
Some clients require disabling of the browser password handling
mechanisms. Add a switch to make it possible without hacking the core.
No change to default behaviour.
Very difficult to choose an image based on file name alone. Added thumbnail and reduced rows from 10 to 8 to compensate for increased height of rows with thumbnail included.
Per [RFC 2616 section 5.1.1][ietf], HTTP methods are case-sensitive.
- Change the internal representation of the form's method to upper case
- Update FormTest to accommodate the case changes
- Change method to lower case for HTML in Form#getAttributesHTML()
[ietf]: http://tools.ietf.org/html/rfc2616#section-5.1.1
Supports passing an array to removeByName(), which is iterate and then removed. Useful for removing fields from a fieldlist that are not on a tab. Similar to removeFieldsFromTab();
This is cleaner than a new function.
Previously relied on the presence of a last column which wasn't filterable,
commonly a GridFieldEditButton. If this wasn't present, the filter buttons
were never added, leading to the GridField JS reload request being sent
without the required button form action, so GridFieldFilterHeader->handleAction()
was never called.
It used to validate via ajax, but that has been removed as part
of the 3.0 refactor of all prototype.js code. In the end,
its a field which is quite trivial to implement in custom code
(or in controller code), unless we re-add the Ajax features.
And I think an ajax-validating uniqueness field is too much
of an edge case to belong into core.
Cleanup of framework's use of @package and @subpackage labels and additional of labels for classes missing packages.
Moved all GridField related components to the one name.
Countless spelling fixes, grammar for other comments.
Link ClassName references in file headers.
Fixes http://open.silverstripe.org/ticket/5577.
Uses Zend_Locale_Format::isNumber(). Includes unit test for NumericField. Does not include testing work on DBField underlying NumericField to ensure that works consistently.
This prevents it from failing for proxied values
like BlogEntryForm, where the field name doesn't exist,
and rather gets processed and saved into a different field.
Caused the UploadField rows to show "[Object object]" because
it tried to pass through a PHP object to JS without string casting
(the return used to be a string).
This is related to how Zend_Date returns year for YYYY & yyyy format. Detailed explanation is here http://framework.zend.com/issues/browse/ZF-5297
Sample code (adapted the Datetimefield setValue() method) to highlight the problem:
include 'framework/thirdparty/Zend/Date.php';
$userValueObj = new Zend_Date(null, null, 'en_US');
$userValueObj->setTimezone('GMT');
$userValueObj->setDate('2012-01-01', 'YYYY-MM-dd');
$userValueObj->setTime('00:00:00', 'HH:mm:ss');
echo $userValueObj->get('YYYY-MM-dd HH:mm:ss', 'en_US'), "\n"; // returns 2011-01-01 00:00:00
echo $userValueObj->get('yyyy-MM-dd HH:mm:ss', 'en_US'), "\n"; // returns 2012-01-01 00:00:00
Rendering potentially 1000s of nodes can exceed the CPU and memory constraints
of a normal PHP process, as well as the rendering capabilities of browsers.
Set a hard maximum for the renderable nodes, deferring to a "show as list" action
in the main CMS tree. For TreeDropdownField, we don't have the list fallback option,
so ask the user to search for the node title instead.
Also makes both the "node_threshold_total" and "node_threshold_leaf" values configurable
Caused by SS loading a URL with html entities (&)
through the Requirements API, which only works when directly
inserted into the HTML template (standard behaviour),
but garbles the URL GET parameters when loaded via the jQuery.ondemand
JavaScript/XHR logic.
It didn't fail the request, just meant that tiny_mce_gzip.php wasn't
getting all the required options from the GET parameters.
And since this newly loaded file contains the same JS globals,
it would override previously loaded (correct) state.
The deprecations are supposed to denote the release where
the functionality will be removed, as opposed to the one where
its deprecated. Having 3.1 as a target for recent changes
in popular methods like Object::add_extension() causes
too many short-term hassles, there's no "grace period".
Extracted common code out to SS_HTMLValue and made abstract, then
put HTML 4 specific code in SS_HTML4Value. Its now possible to
replace HTMLValue with one designed for HTML 5 or XHTML
Requires a code change from new SS_HTMLValue to
Injector::inst()->create(HTMLValue)
When saveInto is called on ListboxField and CheckboxsetField,
UnsavedRelationList should be an acceptable relationship type. This is
leading to relations not being saved on initial creation of Member
objects
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
At the moment form actions (buttons) have the classes 'action action' as default. This is because the extraClass function adds 'action' and then calls the parent method. The parent then includes the $this->Type() ('action') again.
So I've remove this overloading of extraClass
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
RequestHandler#handleAction now exists. It takes the request, and
the action to call on itself. All calls from handleRequest to call an action
will go through this method
Controller#handleAction has had it's signature changed to
match new RequestHandler#handleAction
RequestHandler#findAction has been added, which extracts the
"match URL to rules to find action" portion of RequestHandler#handleRequest
into a separate, overrideable function
GridField#handleAction has beeen renamed to handleAlterAction and
CMSBatchActionHandler#handleAction has been renamed to handleBatchAction to
avoid name clash with new RequestHandler#handleAction
Reason for change: The exact behaviour of request handling depended heavily
on whether you inherited from RequestHandler or Controller, and whether the
rule extracted it's action directly (like "foo/$ID" => 'foo') or dynamically
(like "$Action/$ID" => "handleAction"). This cleans up behaviour so
all calls follow the same path through handleRequest and handleAction, and
the additional behaviour that Controller adds is clear.
We shouldn't pass it to the child fields since it ends
up showing the description three times in the default
"inline" mode. If the description is required as a hover/focus effect,
it can be set individually on the fields.
Sometimes has-one UploadFields can get confused about whether or not there is an existing file that needs deleting. This setting lets you make a more robust has-one UploadField, where any existing file will be replaced. It more closely mimics simple single-file upload fields.
This is the companion setting to canUpload, letting you control whether existing files from the asset store can be referenced. It's particularly useful when using UploadField on the front-end.
Although editing meta-data or deleting permanently would require File editing/deleting permissions, merely linking to a record does not. This change is important for allowing front-end use of UploadField; or, more importantly, use of UploadFile by people without CMS rights.
The new config setter restores the 2.4 behaviour of including <input type="hidden"> with a field. Although as a default, this option has security flaws; it is useful in a few circumstances and, if nothing else, is handy to make upgrading sites easier.
This hook is useful so that you can add additional fields / actions in a gridfield form that are not available in other settings (e.g. additional actions: previous / next / save and publish / unpublish / etc
Function unset() preserves numeric keys and method removeRequiredField() will give a PHP notice about nonexistent array key and loop won't iterate throughout all elements in array on second method call (and all subsequent).
So it's better to use foreach loop and array_splice() function (it doesn't preserve numeric keys).
Introduced new FormField->castedCopy() method
which tries to replicate the existing form field instance
as closely as possible.
Primarily, the fix was targeted at consistently passing
through FormField->description to all of its variations.
GridField uses createTag() which is marked for deprecation, rather
than have it used as the cornerstone of generating FormField templates,
use it as a helper in case fields generate HTML tags from PHP.
The existence of .ss-tabset triggers JS which applies $.tabs(),
and in turn interprets the first available link as the tab navigation.
jQuery UI subsequently tries to ajax-load this link, which is not
desired. Instead, $.tabs() should *only* be applied to a container
DOM element with .cms-tabset applied.
On IE8, camel case element attributes are NOT included in the object returned
by $(elem).data(), meaning attrs defined in DateField.php (jqueryDateformat and
isoDateformat) are NOT seen by the code in DateField.js (ie the "config" var
doesn't have these set). Causing IE8 to fall back to using US date (mm/dd/yyyy)
formats. This can subsequently cause validation issues if the user's date
format is different.
DateField.js already explicitly checks for jquerydateformat (all lowercase)
so DateField.php has been modified to reflect the correct case for this
attribute name
In locales other than en_US, as a result of missing jQuery locale
files, the DatePicker defaulted to English whenever day and monthnames
were used, breaking validation. Needed to change official locale files
before adding, because Zend_Date and jQuery day/monthnames not matching
again breaks validation.
Removed hard setting the names to uppercase, breaking validation for
other locales
Changed order in convert_iso_to_jquery_format(), to prevent EEE(E)
settings from being overwritten
Added a check for existing locale files, and made DatePicker fallback
to ISO yyy-MM-dd if a missing locale file would otherwise break
validation.
Added documentation for the DateField
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
In some places source is referenced directly and assumed to be array, while in some places the getSource() method is used instead.
By changing this you have more freedom when extending these classes
While 'y' in PHP means 4 digits year (e.g. 2012), jquery date picker means 2 digits (e.g. 12). That's all fine until then but when you pass the 2 digit year value back to PHP it all goes awry.
For exmple, defatult date format in en_US is 'MMM d, y' so in jquery date picker it's something like this 'Aug 22, 12' and eventually PHP will convert that value to '0012-08-22' which completely wrong.
Fixes the handleAction function of GridFieldDeleteAction which wasn't differentiating between a 'deleterecord' action and an 'unlinkrelation' action.
Fixes http://open.silverstripe.org/ticket/7801
Wasn't refreshing after ajax save operations on existing
content, as the URL didn't change, and hence the CMS
didn't reload the view. Return the view directly instead,
unless we're dealing with new records (= changed URL).
The classnames on the add-new button and breadcrumbs were not
translated due to the use of singular_name() instead of
i18n-singular_name() in GridFieldAddNewButton and GridFieldDetailForm.
Delay converting the object to a string and escaping its value until the end of getColumnContent. Call formatValue BEFORE castValue, so that formatValue can create raw HTML by casting to HTMLText afterwards.
Space delimiter is often confused by browsers, and encoded as %20 which
breaks the shortcode system. Change to comma delimitation has already
been implemented, this is a followup cleanup.
Ref http://open.silverstripe.org/ticket/7337
We removed this because it depended on GeoIP, which was weird, and had its own dependancies.
But Zend_Locale is included in core, and can give us all the data we need for CountryDropdownField
When adding media via the HtmlEditorField dialog, the value of the URL field wasnt being validated. Youd get different errors depending on if the field was empty
or if it had text, but it didnt look like an absolute URL to HtmlEditorField#viewfile.
This adds some javascript validation to make the text field look like a URL field
Only use relField() when it exists (usually on DataObject),
otherwise fall back to method or value returns
(same as original GridFieldDataColumns behaviour).
HTML in tree nodes is already used to render page icons via SiteTree->TreeTitle.
In order to select the initial value correctly via HTML5 data attributes,
we need to encode any HTML values.
ImageFormAction is deprecated, using the new API results in a submit input rather than an image input being generated. Added hasAttribute helper to FormField as well as test coverage.
* Use jquery ui accordion for the field, and implemented an admin theme.
* Made the setting of configuration consistent with other form fields.
* ToggleComposteField->startClosed() has been deprecated in favour of
setStartClosed().
* Removed public access to the heading level, instead use getHeadingLevel()
or setHeadingLevel().
* Add arrows back to edit-all toggle button
* Don't show dimensions if the item being inserted doesn't have them.
* Set pop-up windows to be a percentage of the window height for better
use of space
* Fix broken fieldholdersmall styling within files edit
* Add placeholder if no preview
*Take out minFileSize so upload will work on Android phones
API CHANGE: Added GridField::getDataFieldValue() to encapsulate field lookup for all components.
API CHANGE: Allow 'callback' key to be specified in a GridFieldDataColumn column info. In this case, title should be put as the 'title' key of a map rather than simply the column info.
* Replaced cancel/delete button in files area
* Consolidated Image upload styles with AssetUpload styles
* Changed name of step 2 in image upload
* Made image editing hidden by default, so multiple files can be seen,
and added ability top open and close
* Tweaked styles in on page upload field (status colour and file name
width)
---
* Added a separate component to grid field to hold buttons.
* Updated templates for changes
* Updated comments
Conflicts:
css/AssetUploadField.css
css/GridField.css
* Alter Grid Field "Add New" Button to take the name of the table (i.e.
"Add Member")
* Alter table names in security section to be singular so the button
text makes sense
Form actions assume that they are reloading the form afterwards. But
this is not always the case - for example "delete" action will redirect
back to the panel, so we need to be able to set the X-Pjax headers
accordingly.
1. Modified gridfield to use default colours
2. Added ability to show and hide the filter
3. Design changes to icons used
4. Gridfield template fixes: Took out broken mark-up from templates
(spans were being inserted inside spans), and adjusted styles. Added
extra class to template
5. Added "filter by ..." placeholder text to input fields
---
These are some enhancements + tweaks I made as part of getting the advanced workflow module running in SS3:
* Added a readonly view button and action to GridField.
* Made LeftAndMain::getResponseNegotiator() public so CMS extensions can use it to generate responses.
* Fixed top tab background, made text more readable (http://i.imgur.com/yDmmY.png).
* Allow fields in the CMS to not be change tracked using ".no-change-track".
* Made all icons 16x16 (some were different sizes, being cut off), and allow them without .ui-state-default.
* Fixed ToggleCompositeField and tweaked field styling.
---
The two bug fixes impact on the file area, but have wider reach.
BUGFIX: Colour Adjustments
Change the constructive button colour to match the colour used in the designs, and fix up calculations to produce the correct button colour.
BUGFIX: IE Colours
Replace hard coded colours in IE with variables, and refactor code so that shared IE7 and IE8 fixes are in one place.
ENHANCEMENT: UI Changes to FileUpload Area (TRAC-7219)
1. Add arrows to edit dropdowns
2. Adjust lightened fields so they dont look like input boxes, and fix rgba colours
3. Add ability to click file names to edit
4. Add feedback when edit button is hovered
5. Add feedback if a file has been opened for editing and shut again (saved changes, unsaved changes, unchanged)
6. Add ability to open and close all files to edit them all at once
7. Add overall feedback for file uploads, and fix NaN error
8. Fix up area to match design
9. Fix error messages so they fit in the provided space
10. Fix case where a single uploaded file errors
1. Add arrows to edit dropdowns
2. Adjust lightened fields so they don't look like input boxes, and fix
rgba colours
3. Add ability to click file names to edit
4. Add feedback when edit button is hovered
5. Add feedback if a file has been opened for editing and shut again
(saved changes, unsaved changes, unchanged)
6. Add ability to open and close all files to edit them all at once
7. Add overall feedback for file uploads, and fix NaN error
8. Fix up area to match design
9. Fix error messages so they fit in the provided space
10. Fix case where a single uploaded file errors
BUGFIX Remove legacy code and template which is never picked-up so that TextareaField becomes 'readonly' when it is transfered to readonly field. Change TextareaFieldTest test cases to address a 'readonly' textarea field displaying the special html characters correctly.
---
The primary goal of this branch was to fix the sort bugs in AssetAdmin, however, it started a bit of a yak shave in that the API around SQLQuery was poor. The biggest change that this pull request makes is it changes the format of SQLQuery::$select to contain aliases as array keys (and consistently puts the "implicit alias" in there to assist with various query generation logic), but it also makes a bunch of changes to avoid direct access of that property.
---
When open an image form loaded from TinyMCE Content, change the looks of the popup, such as popup heading (change from "Insert Image" to "Update Image"), action button label (change from "Insert" to "Update"), hiding the cancelling button on the top right corner which still needs to show when in inserting mode
Conflicts:
lang/en.yml
User does not necessarily knows what CSRF is, and tends to get scared by
this, thinking he has abused something. On the other hand users tend to
know what session expiry means.
http://open.silverstripe.org/ticket/7046
UploadField would default to one folder only, and wouldn't allow asset
tree traversal. HtmlEditorField MediaForm has this capability, so added
it here in a similar fashion via TreeDropdownField.
UploadField was relying entirely on the File::get_class_for_file_extension to
select a class, so it could only create File or Image objects. This
would break the relationships based on derived objects. Also make it
respect the FileField::relationAutoSetting.