Commit Graph

255 Commits

Author SHA1 Message Date
Sean Harvey
9048eab4a2 Merge branch '3.1' 2014-02-12 11:06:54 +13:00
Ingo Schommer
71f6f8afc9 Injector updateSpec() instanciation (fixes #2829) 2014-02-07 17:00:27 +13:00
Ingo Schommer
4af9143d3b Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/misc/contributing/code.md
2014-02-07 16:43:22 +13:00
Ingo Schommer
457ec9446b Merge pull request #2700 from ajshort/injector-factory
Injector Factory
2014-02-03 16:50:15 -08:00
Ingo Schommer
0d7e9a9692 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	_config/routes.yml
	docs/en/topics/datamodel.md
	forms/DropdownField.php
2014-02-04 08:19:04 +13:00
Andrew Short
2f817ba177 NEW: Allow specifying a factory to use for creating services.
A service factory can be used for creating instances where a non-trivial
construction process is required. This is done by adding a `factory`
key to the service definition.
2014-02-03 11:30:22 +11:00
Ingo Schommer
ab070944d5 Merge branch 'pulls/apidocs-package-list' of https://github.com/madmatt/silverstripe-framework into madmatt-pulls/apidocs-package-list
Conflicts:
	view/SSTemplateParser.php
	view/SSTemplateParser.php.inc
2014-01-31 15:15:59 +13:00
Marcus Dalgren
9934230ad8 Fix Session::set_cookie_domain 2014-01-17 15:27:51 +01:00
Will Rossiter
c61f6540fb BUG Add support for X-Forwarded-Proto checking SSL (Fixes #1416)
De-facto standard for identifying the originating protocol of an HTTP request through a reverse proxy or load balancer.

http://www.geekisp.com/faq/6_65_en.html
2014-01-12 18:05:09 +13:00
Ingo Schommer
6176d65bd2 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/gridfield/GridFieldSortableHeader.php
	model/DataList.php
	model/fieldtypes/Enum.php
2013-12-02 20:49:34 +01:00
Andrew Short
aeb8814ddc Don't set all injector instances to the global instance. 2013-12-01 22:24:40 +11:00
madmatt
bebe0f6e37 Updating @package and @subpackage doc tags 2013-11-29 17:49:30 +13:00
Loz Calver
c8caeb8154 Add X-Backurl header to CMS ajax requests 2013-11-15 09:20:53 +00:00
Andrew Short
bedf292612 Merge branch '3.1'
Conflicts:
	docs/en/reference/execution-pipeline.md
	lang/nl.yml
2013-11-11 18:18:25 +11:00
Ingo Schommer
9d550f8938 Fixed merge error 2013-11-06 09:46:30 +01:00
Ingo Schommer
91f6039eed Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/Director.php
2013-11-05 10:15:40 +01:00
Sean Harvey
d8f29fcc04 Merge pull request #2236 from chillu/pulls/isdev-infinite-loop
FIX Avoid infinite loops on ?isDev=1 and Deprecation class
2013-10-31 15:59:31 -07:00
Ingo Schommer
b56ca812dc Merge remote-tracking branch 'origin/3.1'
Conflicts:
	tests/security/MemberTest.php
2013-10-23 14:53:29 +02:00
Andrew Short
156bb87d57 FIX: Move stage choosing into a pre-request filter.
This ensures that the correct stage is selected, even if the request
does not come through the model as controller system. This fixes an
issue where custom controllers would always be on the "Stage" stage.
2013-10-23 18:29:13 +13:00
Andrew Short
e7c8fed6ab FIX: Move stage choosing into a pre-request filter.
This ensures that the correct stage is selected, even if the request
does not come through the model as controller system. This fixes an
issue where custom controllers would always be on the "Stage" stage.
2013-10-23 18:22:15 +13:00
Devlin
112e08e5f2 FIX Session::get_timeout 2013-10-22 14:20:18 +02:00
Ingo Schommer
25b6175e67 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	forms/FormField.php
2013-10-20 13:52:56 +02:00
Hamish Friedlander
8801a50704 FIX oembed to avoid mixed media issues 2013-10-17 17:06:40 +13:00
Marcus Nyeholt
7bcb180f27 BUG Director::test now calls RequestProcessor
This fixes https://github.com/silverstripe/silverstripe-framework/issues/2517
and provides some testing around the use of RequestProcessor in general.
2013-10-15 07:53:34 +11:00
Ingo Schommer
b367dd6237 API Removed Member.LastVisited and Member.NumVisits 2013-10-10 12:35:07 +02:00
Ingo Schommer
f6035505c1 Removed accidental artifacts 2013-10-10 12:11:26 +02:00
Ingo Schommer
cd225f0fa4 No HTML entities in "Groups" ListboxField (fixes #2513) 2013-10-10 12:08:16 +02:00
Ingo Schommer
60fc7e5346 Merge remote-tracking branch 'origin/3.1' 2013-10-06 19:07:39 +02:00
Ingo Schommer
37ada61282 Merge pull request #2448 from g4b0/content-negotiator-object
BUGFIX: added <param> tag to ContentNegotiator filtering
2013-10-02 06:22:37 -07:00
Ingo Schommer
c7f656cd00 API Removed "PastMember" cookie and template getter
The functionality is easy to replicate in custom controllers,
and is too rarely used to be placed in core.

This also removes the `Member::is_repeat_member()` getter
and the `PastMember`/`IsRepeatMember` template globals.

See https://groups.google.com/forum/#!topic/silverstripe-dev/b8K3wU64TXg
2013-09-27 20:06:25 +02:00
Ingo Schommer
455e550d9a Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/topics/testing/create-silverstripe-test.md
	forms/Form.php
	i18n/i18n.php
	model/Image.php
2013-09-27 19:22:14 +02:00
Sean Harvey
f8eaf81ae2 Merge branch '3.1.0' into 3.1 2013-09-23 17:13:09 +12:00
Damian Mooyman
477c3c9de6 BUG Fix regression introduced in #2356 (method call on non-object) 2013-09-23 13:32:55 +12:00
Ingo Schommer
5b3f8bc04d Merge pull request #2435 from hafriedlander/fix/join_links_query_params
FIX Use last of duplicate query params in join_links
2013-09-20 02:27:49 -07:00
Hamish Friedlander
a8c1dd7f53 FIX Use last of duplicate query params in join_links
When using Controller::join_links to join two links with identical query
params, both query params would be used in the result, ending up with
links that look like `../edit/show/14?locale=en_NZ&locale=mi_NZ`

This patch eliminates duplicate query params, so only the last one
for any key is present in the output.
2013-09-20 11:33:03 +12:00
g4b0
de10471c7e BUGFIX: added <param> tag to ContentNegotiator filtering 2013-09-19 17:30:36 +02:00
Will Rossiter
63778550e5 FIX: Follow internal redirections for cli operations. 2013-09-16 20:11:28 +12:00
Will Rossiter
2c11710832 Fix for duplicate class definition introduced in ddcfcf7. 2013-09-13 19:26:06 +12:00
Mateusz Uzdowski
1461ae9e4c BUG Fix regression in IE no-cache https file downloads.
Currently IE6-8 will refuse to download files over HTTPS with default
Framework settings.

Currently the HTTP::add_cache_headers competely overrides Cache-Control
headers on each request, so there is no way to inject custom headers
from the API-consuning methods.

Also of note: adding no-store header also fixes the issue but will
prevent proxies from caching the request body (which they do when using
no-cache). So the setting max-age to some low number is a better choice
here.
2013-08-26 17:15:58 +12:00
Ingo Schommer
9d764d6794 FIX Avoid infinite loops on ?isDev=1 and Deprecation class
If any of the functionality triggered by Director::isDev()
was causing deprecation errors, the system would go into
an infinite loop. Since the only way to cause this is the DB
checking functionality, we disable that for Deprecation.
Side effect of this change: You can't show deprecation notices
on a live site by forcing the session into dev mode.
2013-07-17 11:55:19 +02:00
Andrew Short
bfdf14fafa Merge branch '3.1' 2013-07-09 13:42:32 +10:00
Sam Minnée
ecf8f273c0 Merge pull request #2201 from hafriedlander/fix/session
Fixes to session, primarily around cookie_secure
2013-07-06 18:59:07 -07:00
Hamish Friedlander
d629d9422f FIX Session::$cookie_secure so Sessions still work via HTTP
Session::$cookie_secure adds the secure property to the session Set-Cookie
command, so that the browser wouldnt send it to the server over an unencrypted
link. However the server would still send the cookie to the browser
unencrypted. Also Sessions would stop working properly in HTTP,
but SilverStripe needs them for several things, such as form validation

This patch effectively causes HTTP and HTTPS requests to each have
their own session when cookie_secure is true. The two sessions are
independant from each other, so information set in the session via
HTTPS is safe from attacks on the session via HTTP, but parts
of the site that use HTTP and the session will still work
2013-07-07 09:12:10 +12:00
Hamish Friedlander
2886f6ee14 FIX Session was started every time, even if no data set
Session tracks the user agent in the session, to add some detection of
stolen session IDs. However this was causing a session to always be
created, even if this request didnt store any data in the session.
2013-07-07 09:12:10 +12:00
Hamish Friedlander
c6b4d993cc FIX Director::forceSSL and forceWWW not setting Vary header
If you have a Varnish box in front of a SilverStripe install, and
you call forceSSL, the Vary header wouldnt get sent. As a result
Varnish would respond with the same redirect reponse after the
redirect, leading to an infinite loop
2013-07-06 15:24:01 +12:00
Simon Welsh
fbce9fd7cd Merge branch '3.1'
Conflicts:
	.travis.yml
	docs/en/misc/contributing/code.md
	javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Damian Mooyman
11f4b2c620 API HTTP::urlRewriter with (string)$code deprecated in 3.1. Fixed regressions and CSS urls.
urlRewriter will expect a callable as a second parameter,
but will work with the current api and simply raise a deprecation error.

HTTP::absoluteURLs now correctly rewrites urls into absolute urls. Resolves introduced in c56a80d6ce

HTTP::absoluteURLs now handles additional cases where urls were not translated.

Test cases for HTTP::absoluteURLs added for both css and attribute links.

Cleaned up replacement expression and improved documentation.
2013-07-05 09:08:58 +12:00
Simon Welsh
9deb11f9a0 Use preg_replace_callback over preg_replace with e modifier 2013-07-05 09:08:58 +12:00
Sean Harvey
7349682d44 Merge pull request #2145 from tractorcow/3.1-controller-redirect
Controller::redirect now returns the resulting SS_HTTPResponse
2013-06-24 14:16:18 -07:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00