Commit Graph

171 Commits

Author SHA1 Message Date
Damian Mooyman
97f21fddb3 [ss-2015-021] Fix rewrite hash links XSS 2015-11-11 17:46:27 +13:00
Damian Mooyman
7ff131daa7 BUG Fix default casted (boolean)false evaluating to true in templates 2015-06-12 15:47:15 +12:00
Damian Mooyman
b195132407 Fix missing media parameter on Requirements::combine_files
Regression from #4136
2015-05-11 17:30:59 +12:00
Nik Rolls
8727f27f2a Documentation tidy for Requirements.php
Documentation-only changes, except where a couple of methods have been moved to live next to other related functions.
2015-04-29 20:17:40 +12:00
Christopher Pitt
604c328712 Fixed XSS vulnerability relating to rewrite_hash 2015-03-20 18:17:51 +13:00
Daniel Hensby
389e2e7cd1 Merge pull request #3897 from kinglozzer/patch-1
FIX: Misleading error message in SSViewer
2015-02-17 10:12:30 +00:00
Loz Calver
998c055676 FIX: Misleading error message in SSViewer
Better error message if theme is disabled

DRY!
2015-02-16 09:24:58 +00:00
Damian Mooyman
1db08bac88 BUG Fix FormAction title encoding
BUG Fix TreeMultiSelectField using the wrong label
BUG Fix encoding of selected title on TreeDropdownField
BUG Fix DataDifferencer trying to compare non-comparable fields (non-dbfield objects)
BUG: Fix issue with TreeMultiSelectField not saving
BUG: Fix issue with GridFieldPrintButton
ENHANCEMENT Instead of using multiple api calls to encode dbfield values, delegate this operation to the individual fields via forTemplate
Instead of using a new API to communicate html encoding to treeselect, just ensure all content is HTML encoded, and enable html_titles in jstree.
2015-02-13 15:50:45 +13:00
Daniel Hensby
89c14d079d Making TreeMultiSelectField consistent with parent class
NEW TreeDropdownField sanatiser helper added
Use config for default_cast of objects
FIX Determine if Diffed value should be escaped
Forcing casting for core DB fields
Fixing permissions labels
2015-02-13 11:12:30 +13:00
Will Morgan
7c9810bf49 Merge pull request #3432 from IgorNadj/3.1-fix-minify
FIX making minify javascript fail-safe
2015-02-06 11:17:59 +00:00
Igor Nadj
657606e8c8 Updating code to allow unit test to use try-catch block to catch warning
without stopping code execution inside try
2014-11-26 15:27:54 +13:00
Juri Demeschew
19f11e72b0 Update Requirements.php
Makes requirements inclusion work with old PCRE versions
2014-10-31 15:41:58 +01:00
Loz Calver
570f261302 FIX: Tag-less cache backends error on flush 2014-10-15 11:41:15 +01:00
Damian Mooyman
793784e9d7 BUG Fix flushing of SSViewer cache via testing 2014-10-14 09:47:05 +13:00
Sean Harvey
f86b0bbca0 Merge pull request #3459 from jdemeschew/3356-fix-js-not-properly-included
Fix #3356 js not properly included
2014-10-13 16:41:37 +13:00
Loz Calver
48eb0e67e6 FIX: Deliberately clear partial cache blocks on flush (fixes #1383)
Move property to top of class definition

Move property to top of class definition
2014-10-09 21:44:01 +01:00
Juri Demeschew
3eabd7d41a Fix #3356 js not properly included 2014-09-09 06:59:31 +02:00
Nik
6141930f15 Copy SSViewer rewrite_hash_links regexp to SSTemplateParser
As this is meant to represent the same functionality in two different
areas, it should behave the same way in both.
2014-09-02 15:20:47 +12:00
Igor Nadj
f823831a63 FIX making minify javascript fail-safe 2014-08-25 11:49:38 +12:00
Sean Harvey
2b316e79e5 NEW Provide a consistent way of triggering flush
Provides an interface for classes to implement their own flush()
functionality. This function gets called early in a request on
all implementations of Flushable when flush=1|all is requested in the
URL.

This fix came out of an issue where Requirements combined files were not
being cleaned up after dev/build?flush=1, due to the fact that flush
would only occur when you called it while on a page that used those
combined files, but not in any other contexts. This will now call flush
on any implementors of Flushable regardless of the context of where
flush was called.
2014-08-22 09:24:27 +12:00
Simon Welsh
1d5706f15c Correct line length and indentation 2014-03-30 21:11:56 +13:00
Simon Welsh
6db96eac8f Correct errors from differening behaviour between 3.0 and 3.1 2014-03-30 19:29:18 +13:00
Simon Welsh
f9c44e4ceb Merge branch '3.0' into 3.1
Conflicts:
	model/Versioned.php
	view/SSTemplateParser.php
	view/SSViewer.php
2014-03-30 18:15:12 +13:00
Damian Mooyman
4415a75d93 BUG Fix issue with versioned dataobjects being cached between stages 2014-03-27 13:17:29 +13:00
Ingo Schommer
ab070944d5 Merge branch 'pulls/apidocs-package-list' of https://github.com/madmatt/silverstripe-framework into madmatt-pulls/apidocs-package-list
Conflicts:
	view/SSTemplateParser.php
	view/SSTemplateParser.php.inc
2014-01-31 15:15:59 +13:00
Ingo Schommer
78a530524b Merge pull request #2684 from Firesphere/feature/force_write_js_to_bottom
NEW Forcefully write javascripts to the end of the HTML if wished
2013-12-19 09:21:06 -08:00
Firesphere
af7afbe918 IMPROVEMENT/FEATURE Forcefully write javascripts to the end of the HTML if wanted.
It's defaulted to false. But when set to true, the JS is written to the end of the HTML, even though there are earlier scripts.
This results in faster page-loading if the JS isn't needed earlier-on.
2013-12-14 14:04:03 +01:00
Ryan Wachtl
b260e5e29c FIX Check for file in project() folder when calling Requirements::themedCSS() #2613
Allows overriding of theme and module css files by looking in project() folder first. Consistent with documented behavior.
2013-12-13 11:12:22 -06:00
Firesphere
41371fea72 NEW Force the javascripts to be put before the closing body tag 2013-12-07 15:47:31 +01:00
Firesphere
14447b167a IMPROVEMENT/FEATURE Forcefully write javascripts to the end of the HTML if wanted.
It's defaulted to false. But when set to true, the JS is written to the end of the HTML, even though there are earlier scripts.
This results in faster page-loading if the JS isn't needed earlier-on.
2013-12-07 15:47:27 +01:00
micmania1
b89ab1eb16 Added SSViewer::get_templates_by_class() to make the functionality in LeftAndMain::getTemplatesWithSuffix() more open. 2013-12-01 07:42:37 +00:00
madmatt
bebe0f6e37 Updating @package and @subpackage doc tags 2013-11-29 17:49:30 +13:00
Cam Spiers
14486902fb Allow users to extend the SSTemplateParser by defining open & closed blocks
Currently the only way the extend SSTemplateParser is to define a class
extension of it and then tell the injector component to use your new
custom class. This new change allows a user to define new "open blocks"
and "closed blocks" for SSTemplateParser to use without needing to
recompile the real SSTemplateParser class.

The following example shows how the functionality can be used
to add a new <% minify %>…<% end_minify %> syntax to the template parser

In a config.yml file, define the new minify closed block to call the
static function "Minifier::minify"

```
Injector:
	SSTemplateParser:
		properties:
			closedBlocks:
				minify: "Minifier::minify"
```

Define a new class with the minify static method that returns the new
template code when regenerating templates:

```
class Minifier {
    public static function minify(&$res) {
        return <<<PHP
{$res['Template']['php']}
\$val = zz\Html\HTMLMinify::minify(\$val, array('optimizationLevel' => zz\Html\HTMLMinify::OPTIMIZATION_ADVANCED));
PHP;
    }
}
```
2013-11-04 14:24:58 +13:00
Ingo Schommer
2c145cd454 API JS i18n files with short locale names, generated by build task
The files are uploaded to transifex.com now, which means we needed
to consolidate the file names (= locales). Since Transifex doesn't allow
arbitrary JavaScript structures, we're using an intermediary JSON
format which gets transformed into the JS used by the framework.

See b59f3858af for generator logic.

Fixes https://github.com/silverstripe/silverstripe-framework/issues/2499
2013-10-25 12:05:46 +02:00
Cam Spiers
ac418ce99e Feature to allow that changing the SSTemplateParser through the Injector system
The motivation for this was to allow module developers to change what parser is used to parse SilverStripe templates.
This change enables people to compile their own version of the SilverStripe template parser and use it without modifying core files.
2013-10-18 12:42:39 +13:00
Simon Welsh
151baeede1 Correct line length and indentation 2013-08-21 18:54:05 +12:00
Jörn Röder
e2a43961d0 fixed undefined offset #2276 2013-07-28 19:39:40 +02:00
Jeremy Thomerson
f6ff39369f FEATURE: <% include %> inherits iterator scope of parent template 2013-07-07 12:39:42 +00:00
Ingo Schommer
429bbc5223 Merge pull request #2137 from jthomerson/pulls/fix_viewable_data_wrapped_value
FIX: ViewableData wasn't setting values when using default cast
2013-07-02 00:40:56 -07:00
Hamish Friedlander
ae3e3f3b44 FIX Arguments to method calls reseting scope 2013-06-25 17:35:16 +12:00
CheeseSucker
b52087105c FIX: ViewableData::obj() would sometimes return an empty object
For instance, this happens when these criteria are met:
  1) No casting has been specified for a method in $casting.
  2) A template accesses the field without any casting
  3) Any casts by the template will now yield an empty object.

After a brief look at the commit history, it can seem like this bug is several years old, unless it is a side-effect of other changes in the code.

== Steps to reproduce ==
Add two methods to be accessed by a template. Make sure you do not define an entry in $casting for them:
	public function Testus() {
		return "Te<x>t1";
	}

	public function Testus2() {
		return "Te<x>t2";
	}

Add this to a template:
	<p>
		First access:<br />
		"$Testus" : "$Testus.XML"<br />
		"$Testus2.XML" : "$Testus2"<br />
	</p>
	<p>
		Second access:<br />
		"$Testus" : "$Testus.XML"<br />
		"$Testus2.XML" : "$Testus2"<br />
	</p>

Open the page in a browser, and you will get:
 First access:
"Tet1" : ""
"Te<x>t2" : "Tet2"

Second access:
"Tet1" : ""
"" : "Tet2"

We see that any cast can yield an empty string.
2013-06-21 16:16:49 +00:00
Sam Minnee
526b40414a FIX: Ensure that actions inferred from templates with the "_action" suffix also respect allowed_actions.
FIX: Ensure SSViewer::hasTemplate() is aware of themes.

To do this, RequestHandler::definingClassForAction() has been created, splitting out the code that looks up the class that defines a given action into its own method.  This is then overridden in Controller to look at templates.
2013-06-19 20:11:50 +12:00
Jeremy Thomerson
4c0b452c0f ENHANCEMENT: allow overridable JS/CSS minification
This allows someone to extends Requirements_Backend and plug in their own minification
of files, including CSS minification.  It also allows them to override whether or not
the header comment is written for each file.
2013-06-04 12:52:11 +00:00
Colin Richardson
b2934d7ebf FIX: exclude directory from available themes when underscore is first character
Change FALSE to lowercase
2013-05-23 16:49:35 +01:00
Ingo Schommer
3b02d22989 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	dev/CsvBulkLoader.php
2013-05-09 10:34:20 +02:00
Ingo Schommer
cef955c8b9 Removed stray ampersand in Requirements (fixes #1809)
Only happens with suffix_requirements=true
2013-04-30 00:35:25 +02:00
Zauberfisch
034f575003 MINOR: if no doctyle is set, include comments inside <html>
MINOR: if <html> tag is inside a html comment do not add a comment
2013-04-22 18:16:09 +00:00
Zauberfisch
94b37f9c85 MINOR: moved includeDebuggingComments logic into own method to allow separated tests 2013-04-22 14:12:43 +00:00
Zauberfisch
7c66e8e7a2 API: try to place source_file_comments after doctype instead of html 2013-04-22 13:53:20 +00:00
Sam Minnee
eb583c5f14 NEW: Added DataObject::getQueriedDatabaseFields() as faster alternative to toMap()
API: CompositeDBField::setValue() may be passed an object as its second argument, in addition to array.

These changes provide a 15% - 20% performance improvement, and as such justify an small API change in the 3.0 branch. It will likely affect anyone who has created their own composite fields, which is fortunately not all that common.
2013-04-21 13:39:11 +12:00