Ingo Schommer
debd81d380
Merge pull request #2453 from chillu/pulls/escape-3.1.0
...
Escaping 3.1
2013-09-25 16:02:45 -07:00
Ingo Schommer
c243418597
API Escape form validation messages (SS-2013-008)
2013-09-24 21:54:31 +02:00
Ingo Schommer
2b7a2a289e
API Escape form validation messages (SS-2013-008)
2013-09-24 21:41:21 +02:00
Ingo Schommer
48021e9fd3
Merge pull request #2166 from dhensby/patch-2
...
FormFields now allow setting of extra CSSClasses en masse
2013-09-24 11:50:01 -07:00
Ingo Schommer
1bb993b0b3
Form errors in LeftAndMain response negotiation
...
The session key for form errors changed from "Form_EditForm" to "CMSForm_EditForm",
causing a mismatch. See https://github.com/silverstripe/silverstripe-framework/pull/2084/files#r6338249 for discussion
2013-09-18 14:30:37 +02:00
Ingo Schommer
cc33427218
Merge pull request #2123 from willmorgan/forajaxtemplate-session-message
...
MINOR clear session message whenever forAjaxTemplate is used
2013-07-10 16:04:48 -07:00
Simon Welsh
fbce9fd7cd
Merge branch '3.1'
...
Conflicts:
.travis.yml
docs/en/misc/contributing/code.md
javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Daniel Hensby
336ddf1a55
FormFields now allow setting of extra CSSClasses en masse
...
Each CSS class passed in to `addExtraClass` or `removeExtraClass` will be set as their own key in the `extraClasses` array
Also make `Form` consistent with `FormField`
2013-06-29 13:27:26 +01:00
Ingo Schommer
09b31c642f
Allow Form->forTemplate() URL access ( fixes #788 )
...
Need to specifically whitelist URL-accessible actions now.
Used in "Insert Link" form in HtmlEditorField.
Regression from 1edf45fbed
2013-06-25 16:33:00 +02:00
Ingo Schommer
fb784af738
API Enforce $allowed_actions in RequestHandler->checkAccessAction()
...
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk
Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.
Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Will Morgan
a99b430fec
Clearing the session message whenever forAJAXTemplate is used.
2013-06-19 14:03:35 +01:00
Ingo Schommer
94b4237372
Merge remote-tracking branch 'origin/3.1'
2013-06-19 11:17:33 +02:00
Ingo Schommer
63eb9518d2
Consistent Form setters (returning $this on setHTMLID())
2013-06-13 07:51:08 +02:00
Ingo Schommer
bfff11eb9c
API New CMSForm class to allow validation responses in CMS ( fixes #1777 )
...
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814 ).
2013-06-13 07:51:05 +02:00
Ingo Schommer
5a1d476e8d
Merge branch 'idvalidattr' of git://github.com/wilr/sapphire into wilr-idvalidattr
2013-05-31 19:27:19 +02:00
Ingo Schommer
88536998b9
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
2013-05-31 18:08:59 +02:00
Will Rossiter
4921173209
Code formatting
2013-05-30 21:06:54 +12:00
Will Rossiter
c7468caeb6
FIX: Generate Form::FormName() through
2013-05-30 21:06:41 +12:00
Fred Condo
59657d94bb
Use upper case to represent HTTP methods for forms
...
Per [RFC 2616 section 5.1.1][ietf], HTTP methods are case-sensitive.
- Change the internal representation of the form's method to upper case
- Update FormTest to accommodate the case changes
- Change method to lower case for HTML in Form#getAttributesHTML()
[ietf]: http://tools.ietf.org/html/rfc2616#section-5.1.1
2013-05-28 17:51:56 -07:00
Will Rossiter
ca87b8b794
API: Form Field ID attribute should follow HTML specification
...
Fixes: http://open.silverstripe.org/ticket/4431 .
Changes Form and Form Field classes to make use of Convert::raw2htmlid() which follows http://www.w3.org/TR/REC-html40/types.html#type-cdata .
Introduces a FormTemplateHelper class to assist in these sort of updates in the future.
2013-05-26 11:11:55 +12:00
uniun
5596442081
FIX: Form::set_current_action() never gets called.
2013-05-24 11:25:36 +03:00
Ingo Schommer
14c59be85e
API Form::setStrictFormMethodCheck() and strict argument to setFormMethod()
...
Thanks to @sminnee for getting this started
2013-05-08 10:25:13 +02:00
Will Morgan
9732a7fb3b
Fixing typo on Validator exception message
2013-04-24 18:50:40 +02:00
uniun
4d70daa9e2
BUG: HiddenFields and VisibleFields should always return extraFields
...
HiddenFields() and VisibleFields() should always return extraFields, e.g. HiddenFields doesn't return SecurityID if it is called before Fields().
2013-04-17 20:31:17 +02:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
0a9f3b75a9
Fixed deprecated usage of <% control %>
2013-03-19 12:58:14 +01:00
Ingo Schommer
25af4adce2
Merge tag '3.0.5' into 3.0
2013-02-20 02:21:41 +01:00
Ingo Schommer
16d0c188ee
BUG Find Form actions in CompositeFields for access checks
...
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-19 15:48:29 +01:00
Graeme Smith
a1114b8fcb
MINOR: Correct exception message in constructor
2013-02-18 15:01:48 +00:00
Ingo Schommer
14dcc82e76
BUG Find Form actions in CompositeFields for access checks
...
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-18 15:30:36 +01:00
Ingo Schommer
92458d9f43
Fixed line lengths
2013-02-18 14:41:49 +01:00
Ingo Schommer
634c91c6ff
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
email/Mailer.php
2013-01-30 12:46:24 +01:00
Sam Minnee
9a2ba483df
BUGFIX: Made CSRF-error wording friendlier.
2013-01-29 18:03:49 +01:00
Simon Welsh
3439e30ac1
Corrects indentation and line length
2013-01-24 19:56:02 +13:00
Ingo Schommer
37f4d2e21f
Merge remote-tracking branch 'origin/3.0' into 3.1
2013-01-21 11:15:17 +01:00
Ingo Schommer
c11b3918fc
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
admin/css/screen.css
admin/scss/_style.scss
core/PaginatedList.php
email/Mailer.php
2013-01-21 11:14:57 +01:00
Ingo Schommer
5d37d55f35
BUG Form session message clearing regression
...
Regression originally from 729bcc95, but made visible by 014f541a8
2013-01-21 11:11:21 +01:00
Ingo Schommer
014f541a89
BUG Regression in Form->clearMessage() ( fixes #8186 )
...
See 729bcc9
2013-01-15 14:25:07 +01:00
Ingo Schommer
e7e6c45aee
Merge pull request #1082 from sminnee/form-improvements
...
Form improvements
2013-01-11 02:29:14 -08:00
Hamish Friedlander
2916f2043c
NEW: Improve HTTP caching logic to automatically disable caching for requests that use the session.
...
This improvement makes it easier to set a site-wide default cache time without needing to worry about CSRF-protected forms, etc.
2013-01-08 17:47:05 +13:00
Sam Minnee
729bcc95db
BUGFIX: Don't clear form messages unless forTemplate() is actually called.
...
BUGFIX: Clear session-stored form data as well as form error message.
2013-01-08 17:45:17 +13:00
Ingo Schommer
644cc79ebb
API Removed methods previously deprecated in 3.0
2012-12-14 01:16:47 +01:00
Simon Welsh
b0121b541c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 00:12:11 +13:00
Ingo Schommer
c55c7c33f8
Merge branch '3.0'
...
Conflicts:
admin/code/CMSProfileController.php
composer.json
tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Hamish Friedlander
0dd97a38f6
API: Form#loadDataFrom 2nd arg now sets how existing field data is merged with new data
2012-11-16 12:36:00 +13:00
Sean Harvey
b43b023c1e
Remove deprecated security token methods on Form
...
Use SecurityToken class directly instead
2012-11-15 14:43:18 +13:00
Sean Harvey
63820130c2
Remove deprecated Form::FormEncType(), use getEncType() instead
2012-11-15 14:43:17 +13:00
Sean Harvey
4e355bdb19
Removing deprecated methods on Form
...
Use FieldList API through Form::Fields() and Form::Actions() instead
2012-11-15 14:43:17 +13:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
unclecheese
e2c1deb4f7
MINOR Chainable Form->loadDataFrom()
2012-06-20 17:01:16 +02:00
Sean Harvey
7fe0858be1
API CHANGE Marked Form::unsetFieldFromTab() as deprecated. Please use
...
Fields() and the FieldList API instead.
2012-05-31 14:29:58 +12:00
Sean Harvey
a84ef8d8f3
MINOR Don't use template method Actions internally in Form
2012-05-24 10:49:47 +12:00
Sean Harvey
c7e0cee637
API CHANGE Add Form->getController() and use this instead of Controller::curr() in FileIFrameField
...
API CHANGE Add Form->getName() and deprecate Form->Name(), use getName() instead.
2012-05-24 10:46:57 +12:00
Ingo Schommer
c2339d2181
API CHANGE Removed FormResponse handling for erroneous ajax requests in Form->validate(), use javascript validation instead, or reload the whole form with new HTML including the error messages
2012-04-30 17:15:30 +02:00
Mateusz Uzdowski
b561786825
MINOR: change the ugly user-facing CSRF message to more friendly
...
User does not necessarily know what CSRF is, and tends to get scared by
this, thinking he has abused something. On the other hand users tend to
know what session expiry means.
2012-04-26 13:57:16 +12:00
Ingo Schommer
ee70e0a5b7
MINOR Fixed returns of Form->unsetValidator()
2012-04-17 11:03:09 +02:00
Simon Welsh
3a6341a251
API-CHANGE sapphire folder can now be renamed.
2012-04-15 10:50:19 +12:00
Sam Minnee
1d5065f4a7
BUGFIX: Removed reference to non-existent function Form::handleAction().
2012-03-19 13:10:51 +13:00
Sam Minnee
067204d003
BUGFIX: Prevent 500 error when a HEAD request is sent to its action URL.
2012-03-19 09:26:20 +13:00
Sam Minnee
3d54668896
MINOR: Added explicit 'public' keyword on functions.
2012-03-09 15:42:31 +13:00
Sam Minnee
ba93028b01
API CHANGE: Added Form::VisibleFields() and FieldList::VisibleFields(), which list everything except hidden fields, to assist with the creation of custom form layouts.
2012-03-09 15:41:42 +13:00
Sean Harvey
9f3344b355
API CHANGE Removed built-in behaviour.js client-side form validation.
...
This is no longer supported. Please use custom client-side validation instead. (see 3.0.0 changelog
for more information)
2012-03-09 12:19:57 +13:00
Ingo Schommer
bcc73de85e
Merge branch '106-add-edit-records-rc'
...
Conflicts:
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/_style.scss
admin/templates/Includes/LeftAndMain_EditForm.ss
css/GridField.css
filesystem/Folder.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldDefaultColumns.php
forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Ingo Schommer
7602d081a2
ENHANCEMENT Fluent interface in Form API by returning instance from all setters
2012-02-17 13:35:26 +01:00
Andrew O'Neil
a76c9c3c5e
BUGFIX Fix checkFieldsForAction() when working with tabs
2012-02-09 11:46:33 +13:00
Stig Lindqvist
39372497df
BUGFIX GridField_Actions did not work in more complex Forms with tabsets (i.e SecurityAdmin) when using GridField_Action
...
BUGFIX Empty GridState data causes isset error
BUGFIX Last field of GridFieldFilter outputs wrong label
2012-01-09 18:41:23 +13:00
Stig Lindqvist
3c516b7b97
API CHANGE: Refactored GridField modifiers into GridField_ColumnProvider, GridField_HTMLProvider, GridField_ActionProvider, and GridField_DataModifier interfaces, all added as components in the config.
...
API CHANGE: Simplified state handling so that it's just a key store. Affectors are replaced with GridField_ActionProviders. API CHANGE: Removed GridField state manipulation actions instead opting for GridField_ActionProvider actions.
API CHANGE: Removed support for modifiers that add "body" rows, instead having core support for generating the body rows hardcoded into the GridField.
API CHANGE: Allow modification of columns across the whole GridField with the GridField_ColumnProvider interface.
API CHANGE: Renamed GridField_AlterAction to GridField_Action, and added actionName/args parameters, since it can be used for all actions (including batch actions and row actions)
API CHANGE: Removed GridFieldRow class.
2012-01-09 13:30:34 +13:00
Ingo Schommer
72694d8349
ENHANCEMENT Custom form attributes through Form->setAttribute()
2012-01-02 16:49:33 +01:00
Ingo Schommer
b3c08dba12
API CHANGE Deprecated FieldSet-specific methods from Form, namely dateFieldByName(), unsetDataFieldByName(), unsetFieldFromTab(), resetField()
2012-01-02 16:47:59 +01:00
ajshort
3478e4f9e6
ENHANCEMENT: Made the form enctype configurable via a method Form->setEncType().
...
API CHANGE: Deprecated Form->FormEncType() in favour of Form->getEncType().
MINOR: Added enctypes as constants to the Form class.
2011-12-26 18:36:24 +11:00
Sam Minnee
ff9b9e17af
MINOR: Removed use of deprecated Director::redirect* functions.
2011-10-29 17:36:37 +13:00
Sam Minnee
a49b56a348
MINOR: Removed usage of deprecated FormField::Name()
2011-10-29 17:34:32 +13:00
Sam Minnee
e5afa25522
MINOR: Use Deprecation class to indicate deprecated methods in core.
2011-10-29 17:34:31 +13:00
Hamish Friedlander
0a3e0f15de
MINOR: Replace references to FieldSet (now deprecated) with references to FieldList
2011-10-28 15:58:55 +13:00
Will Rossiter
1732a17114
Merged new-orm into datagrid
2011-09-26 16:47:54 +13:00
Will Rossiter
2036354d8d
ENHANCEMENT: implemented CMSPageHistoryController with comparison view, single version view into new CMSMain interface
2011-09-19 17:26:01 +02:00
Ingo Schommer
ce8e72cf0e
MINOR Removing executable flag from all files (thanks miiihi)
2011-09-18 22:04:02 +02:00
Sam Minnee
878b348a0f
Merge branch 'master' into new-orm
...
Conflicts:
docs/en/reference/built-in-page-controls.md
model/SQLQuery.php
2011-05-26 17:08:10 +12:00
Ingo Schommer
fbe4b3fbc9
BUGFIX Form::validate clears whole session incl. 'message' key, instead of overwriting specific keys ( fixes #6607 , thanks netnoise)
2011-05-17 20:51:38 +12:00
ajshort
1f6f7f0862
API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
...
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
Ingo Schommer
ce05ce78e5
BUGFIX Allow alternative (array-based) templates in Form->forTemplate()
2011-04-24 11:46:50 +12:00
Ingo Schommer
e4c586f78e
BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
...
BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115182 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-20 00:00:38 +00:00
Will Rossiter
815e9efd94
APICHANGE: removed page comments from core. Please see the github.com account for page comments functionality
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114821 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-11 05:43:08 +00:00
Sam Minnee
854e0e30b4
ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken() (from r113284)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114531 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:30:32 +00:00
Sam Minnee
9ec31acacb
ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114525 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:22:57 +00:00
Ingo Schommer
8b220b923a
ENHANCEMENT Using RandomGenerator in Form->getExtraFields() "SecurityID" token creation
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114498 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:48 +00:00
Sam Minnee
b40544e694
BUGFIX #6066 Form::__construct() should respect hasMethod on passed in Controller instance if it's available (thanks paradigmincarnate!) (from r111890)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112940 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 05:04:58 +00:00
Ingo Schommer
db460ed57f
MINOR Better error handling in Form::__construct() ( fixes #5649 ) (from r105912)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112511 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 02:54:02 +00:00
Ingo Schommer
4c2ff4bd0a
APICHANGE: refactored methods in session to use coding conventions (from r105756)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112502 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 02:50:43 +00:00
Ingo Schommer
d2c096119c
BUGFIX Fixed double pragma after referer redirection on forms with Form->httpSubmission() ( fixes #5509 , thanks ktauber) (from r103936)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112325 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-14 23:51:55 +00:00
Ingo Schommer
6460d09570
MINOR Fixed phpdoc documentation
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@103385 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-23 00:11:41 +00:00
Ingo Schommer
a78ffb7532
BUGFIX: Let FieldMap access non-data fields too (from r95825) (from r98095)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102587 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-13 02:05:57 +00:00
Ingo Schommer
08b00bd5f4
MINOR Fixed setForm() invocation in Form::__construct() (see #4558 , thanks ajshort) (from r97483)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102498 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:19:38 +00:00
Sean Harvey
99c4609806
MINOR Fixed misspelled acronym for "Cross-site request forgery" (from r94420)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95608 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:40:46 +00:00
Andreas Piening
e3f4c266e3
BUGFIX: use second argument only if it's an array
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90927 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-05 20:31:41 +00:00
Sam Minnee
050b6057ce
API CHANGE: Allow fieldList arguments to Form::loadDataFrom() and Form::saveInto(), for situations where the data passed only applies to a segment of the form.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90872 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-05 01:55:27 +00:00
Sam Minnee
e3fa5cae7f
BUGFIX: Fix Form.FieldMap, used when constructing forms that have the HTML explicitly specified.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90851 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-05 01:14:54 +00:00
Andrew Short
79773042be
API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog.
...
MINOR: Replaced usage of renamed classes with the new namespaced name.
From: Andrew Short <andrewjshort@gmail.com>
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90075 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-26 03:06:31 +00:00