Commit Graph

11179 Commits

Author SHA1 Message Date
Graeme Smith
a1114b8fcb MINOR: Correct exception message in constructor 2013-02-18 15:01:48 +00:00
Ingo Schommer
43fb566388 Note about RestfulService SSL verification in upgrading guide 2013-02-18 15:59:15 +01:00
Ingo Schommer
0c6ac1960e Fixed whitespace usage 2013-02-18 15:43:52 +01:00
Ingo Schommer
fe04753be2 Merge branch '3.1.0-beta2' into 3.1 2013-02-18 15:37:35 +01:00
Ingo Schommer
14dcc82e76 BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-18 15:30:36 +01:00
Ingo Schommer
92458d9f43 Fixed line lengths 2013-02-18 14:41:49 +01:00
Ingo Schommer
bb724c43b9 Merge pull request #1142 from chillu/pulls/remove-auto-controller-routing
API Removed auto-routing of controller name
2013-02-18 05:30:37 -08:00
Ingo Schommer
957469d770 API Removed auto-routing of controller name
Use custom routing rules to achieve this effect (see changelog)
2013-02-18 14:29:47 +01:00
Ingo Schommer
a841f22004 Hardcode travis branch on dependencies, otherwise breaks pull request builds
Pull requests are always on a branch, and this branch
typically is not present on the installer.

This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
2013-02-18 14:19:36 +01:00
Ingo Schommer
af96432c1e Merge remote-tracking branch 'origin/3.1'
Conflicts:
	api/RSSFeed.php
2013-02-18 14:18:54 +01:00
Ingo Schommer
a86e4ee00c Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	tests/injector/InjectorTest.php
	tests/travis/before_script
2013-02-18 14:15:42 +01:00
Ingo Schommer
6c30b80257 Hardcode travis branch on dependencies, otherwise breaks pull request builds
Pull requests are always on a branch, and this branch
typically is not present on the installer.

This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
2013-02-18 14:14:30 +01:00
Ingo Schommer
9e2e050f20 Hardcode travis branch on dependencies, otherwise breaks pull request builds
Pull requests are always on a branch, and this branch
typically is not present on the installer.

This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
2013-02-18 14:13:07 +01:00
Ingo Schommer
88867cdd23 API Deprecated ScheduledTask and subclasses
Base CliController or BuildTask instead, with custom cron job intervals.
2013-02-18 14:01:15 +01:00
Daniel Hensby
8d32ae954b BUG setBody on SS_HTTPRequest is a function
When settingt he cached body on the RESTfulService_Response, the setBody should be a function call, not a variable assignment
2013-02-18 11:55:11 +00:00
Ingo Schommer
2b3098a3f4 Merge pull request #1194 from ARNHOE/patch-4
Create nl_NL.js for framework admin
2013-02-18 03:15:20 -08:00
ARNHOE
924c76ccb1 Create nl_NL.js 2013-02-18 03:13:09 -08:00
Ingo Schommer
2ee57eb715 Merge pull request #1193 from ARNHOE/patch-3
Update javascript/lang/nl_NL.js
2013-02-18 03:11:47 -08:00
ARNHOE
823b2acda3 Update javascript/lang/nl_NL.js 2013-02-18 12:09:38 +01:00
Ingo Schommer
89f963c468 Merge pull request #1191 from ARNHOE/patch-1
Create nl.js for ssbuttons
2013-02-18 02:26:33 -08:00
Ingo Schommer
32943dff1b Merge pull request #1192 from ARNHOE/patch-2
Create nl.js for ssmacron
2013-02-18 02:25:58 -08:00
ARNHOE
7e88e67621 Create nl.js 2013-02-18 02:20:50 -08:00
ARNHOE
70d20ada3a Create nl.js 2013-02-18 02:20:02 -08:00
Simon Welsh
b81386a431 Correct check for File subclass 2013-02-18 17:35:17 +13:00
Hamish Friedlander
7ec8ebbf9e Add 3.1.0-beta2 changelog 2013-02-18 17:09:22 +13:00
Hamish Friedlander
baf894d84a FIX CDATA sections in HTML5 are invalid so remove from test 2013-02-18 17:02:11 +13:00
Hamish Friedlander
1f4c8174e6 FIX new ShortcodeParser handling of empty strings and escapes 2013-02-18 17:00:42 +13:00
Sean Harvey
db56d17056 Merge pull request #1190 from silverstripe-rebelalliance/feature/shortcodes
NEW Make shortcode parser more clever about placement
2013-02-17 19:00:14 -08:00
Hamish Friedlander
9ecea763c3 Merge pull request #1186 from nyeholt/injector_configged_create
FIX issue with Injector::create not passing args
2013-02-17 18:38:24 -08:00
Hamish Friedlander
f4f2862188 Fix up /dev/build which should really have ever worked, but used to 2013-02-18 15:08:15 +13:00
Hamish Friedlander
4b54383d68 API change request handling to be more orthogonal
RequestHandler#handleAction now exists. It takes the request, and
the action to call on itself. All calls from handleRequest to call an action
will go through this method

Controller#handleAction has had it's signature changed to
match new RequestHandler#handleAction

RequestHandler#findAction has been added, which extracts the
"match URL to rules to find action" portion of RequestHandler#handleRequest
into a separate, overrideable function

GridField#handleAction has beeen renamed to handleAlterAction and
CMSBatchActionHandler#handleAction has been renamed to handleBatchAction to
avoid name clash with new RequestHandler#handleAction

Reason for change: The exact behaviour of request handling depended heavily
on whether you inherited from RequestHandler or Controller, and whether the
rule extracted it's action directly (like "foo/$ID" => 'foo') or dynamically
(like "$Action/$ID" => "handleAction"). This cleans up behaviour so
all calls follow the same path through handleRequest and handleAction, and
the additional behaviour that Controller adds is clear.
2013-02-18 14:56:04 +13:00
Hamish Friedlander
5fd55a50f2 API Tighten up allowed_actions
allowed_actions is now only allowed to reference public methods defined
on the same Controller as the allowed_actions static, and
the wildcard "*" has been deprecated
2013-02-18 14:53:33 +13:00
Hamish Friedlander
7efae6b95f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
Ingo Schommer
37b8034462 Fixed changelog 2013-02-18 01:34:51 +01:00
Ingo Schommer
ad9f26a00f Updated changelog 2013-02-18 01:29:30 +01:00
Ingo Schommer
eafafb31e3 Fixed screen.css (wrong compilation) 2013-02-18 01:28:17 +01:00
Ingo Schommer
62987139d4 Updated changelog 2013-02-18 01:19:33 +01:00
Ingo Schommer
d3d0b21e80 Updated translations 2013-02-18 01:17:30 +01:00
Ingo Schommer
56ad1d027e Updated changelog 2013-02-18 01:03:57 +01:00
Ingo Schommer
190e0b8a47 Add ContentController->handleWidget() to $allowed_actions
Required by recent $allowed_actions security fix
2013-02-18 00:10:06 +01:00
Ingo Schommer
30096ee730 BUGFIX Keep Member.PasswordEncryption setting on empty passwords
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
d51e0bc2ec Improved docs on $allowed_actions
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:30:40 +01:00
Ingo Schommer
f06ba70fc9 BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:30:36 +01:00
Ingo Schommer
303352926b 3.0.4 changelog update 2013-02-17 23:28:22 +01:00
Ingo Schommer
f8bbc0a726 BUGFIX Escape HTML in DropdownField and ListboxField
Fixes reflected XSS in Group titles when using
in group selections (e.g. in "New Member" form).
2013-02-17 23:27:15 +01:00
Ingo Schommer
604ede30a4 BUGFIX Escape HTML in CMS status messages 2013-02-17 23:27:15 +01:00
Ingo Schommer
7bb0bbff0e BUGFIX Fixed XSS in admin/security and "My Profile" forms 2013-02-17 23:27:15 +01:00
Ingo Schommer
eecd34868f BUGFIX Keep Member.PasswordEncryption setting on empty passwords
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:16:25 +01:00
Ingo Schommer
3e27d27f7a Improved docs on $allowed_actions
Added section to "Controllers" and "Form" topics,
added $allowed_actions definitions to all controller examples
2013-02-17 23:16:25 +01:00
Ingo Schommer
50995fbecb BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:16:22 +01:00