Commit Graph

2373 Commits

Author SHA1 Message Date
Sean Harvey
0e07f1a7f5 Merge remote-tracking branch 'origin/3.0' into 3.1 2014-08-22 17:50:36 +12:00
Ingo Schommer
1661213e5b FIX Opt-out pf form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
Sean Harvey
8063b349c8 BUG Fixing Director::test() failing on BASE_URL prefixed URLs
Example: you have a site in a sub-directory off the webroot, you call
->Link() on a SiteTree record, which returns "/[sitedir]/my-page", and
you pass this URL to Director::test(). It's a valid URL, but
Director::test() will throw a 404.

Director::test() should be ensuring that all URLs passed to it are
properly made relative, not just in the case where it thinks the URL
is absolute.
2014-08-22 15:21:53 +12:00
Damian Mooyman
aec8430395 Merge pull request #3393 from halkyon/flushable
NEW Provide a consistent way of triggering flush
2014-08-22 10:28:26 +12:00
Sean Harvey
2b316e79e5 NEW Provide a consistent way of triggering flush
Provides an interface for classes to implement their own flush()
functionality. This function gets called early in a request on
all implementations of Flushable when flush=1|all is requested in the
URL.

This fix came out of an issue where Requirements combined files were not
being cleaned up after dev/build?flush=1, due to the fact that flush
would only occur when you called it while on a page that used those
combined files, but not in any other contexts. This will now call flush
on any implementors of Flushable regardless of the context of where
flush was called.
2014-08-22 09:24:27 +12:00
Devlin
4178f7beb0 test all generate methods and formatted image deletetions 2014-08-19 10:12:47 +02:00
Sean Harvey
5f1552b365 BUG Custom label set in summary_fields config gets overridden 2014-08-14 14:19:41 +12:00
John Milmine
0a36951ab1 adding exclamation mark and question mark to delimiters, made text work the same as HTML Text 2014-08-07 21:01:23 +10:00
Marcus Nyeholt
b273f3b524 API Updated aspect proxy service
- Updated AspectProxyService to handle multiple handlers for each proxied
  object's methods.
- Changed BeforeCallAspect to allow for providing a return value that
  should be returned to the caller instead of the proxied return value
- Changed AfterCallAspect behaviour to allow for returning the value of
  the aspect to the caller instead of the proxied return value
2014-08-06 13:48:26 +10:00
Damian Mooyman
2c24d51c0b Revert #3358 2014-08-04 12:13:19 +12:00
Sean Harvey
b2dac644a0 BUG Fixed escaping of name/value in options of form fields
DropdownField was currently escaping options, but CheckboxSetField and
OptionsetField were not. This fixes them to be consistent.
2014-08-04 09:55:35 +12:00
Damian Mooyman
a89dbd29e1 Revert #3345 #3323 2014-07-31 17:05:57 +12:00
Daniel Hensby
04e5c11ed9 TEST Empty absolute urls - tests for #3323 2014-07-30 23:22:37 +01:00
Jeffrey Guo
5519a026e8 expand a tree node and check a CMS tab 2014-07-30 17:17:08 +12:00
Stig Lindqvist
333a2aa8f9 BUG: CMS tree filters doesn't count the correct number of children for deleted pages
This is a bug that combines Hierarchy, Versioned and LeftAndMain admins and CMSSiteTreeFilters.

This bug can be reproduced by having a large site tree with enough deleted pages in it so it doesn't
pre load all the children pages when initially opening an admin. Filter by either 'All pages including deleted'
or 'Deleted pages'. For CMS users it will look like deleted pages are gone.

The solution involves a couple of smaller fixes in both CMS and framework modules.

1) Ensure that 'numHistoricalChildren' are used instead of 'numChildren' when dealing with deleted pages
2) LeftAndMain::currentPage() deletes all the 'marking' cache previously built up by Hierarchy::markPartialTree()
3) Use Versioned::get_included_deleted() instead of raw DB queries against the DataObject tables when calculating parents in CMSSiteTreeFilter
2014-07-25 16:19:30 +12:00
Senorgeno
df6a8b6fb6 BUG #3282: Added ability to subselect with in left or inner join 2014-07-17 13:27:28 +12:00
Damian Mooyman
c26df0b3c6 Revert "BUG Config::merge_array_low_into_high() ignores falsey values" 2014-07-09 09:57:25 +12:00
Sean Harvey
16e546300f BUG Config::merge_array_low_into_high() ignores falsey values
Specific case: LeftAndMain::$session_keepalive_ping = true cannot be
set to false in config.yml for some cases because the value is ignored
when merge_array_low_into_high() is processing the config arrays.
2014-07-08 15:18:26 +12:00
Sean Harvey
d1d295056b Merge pull request #3265 from stevie-mayhew/images-force-resample
FEATURE allow force resampling on images
2014-07-07 11:27:16 +12:00
Damian Mooyman
c30111eee3 Better encoding of javascript
Fixes #2988
2014-07-07 09:01:53 +12:00
Stevie Mayhew
1d86fe4f52 FEATURE allow force resampling on images 2014-07-05 14:29:01 +12:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Will Rossiter
2c741fec0c FIX Add support for compositedbfield within many_many_extraFields
Previously selectFromTable would simply try to select the composite field name. This expands the extraField name to include the children field names and uses CompositeDBField::writeToManipulation to generate the correct SQL for the queries.
2014-06-28 10:54:48 +12:00
Damian Mooyman
6ff1d3ccbc Merge pull request #3225 from halkyon/log_constants
Adding some more commonly used SS_Log priority constants.
2014-06-23 13:15:45 +12:00
Sean Harvey
9c2ddd4850 Adding some more commonly used SS_Log priority constants. 2014-06-23 11:50:05 +12:00
Sean Harvey
0ee3a683a5 Better support for overloading start and destroy methods in Session
Move functionality from static start and destroy functions into instance
methods, allowing these to be overloaded. This works the same way as
calling Session::set() which then in turn calls inst_set()

Additionally use Injector to create the default Session instance to
allow the class to be swapped out.
2014-06-20 10:35:53 +12:00
Damian Mooyman
11cc27f700 Merge pull request #2967 from halkyon/formfield_readonly
Fixing FormField not setting readonly attribute on setReadonly(true)
2014-06-17 14:48:56 +12:00
Sean Harvey
b4bfb75a0d Merge pull request #3207 from chillu/pulls/behat-gridfield
Moved table-related feature steps to behat extension
2014-06-17 13:43:33 +12:00
Loz Calver
3d71a22a98 FIX: ClassManifest errors if files contain duplicate class names (fixes #3210) 2014-06-16 22:18:18 +01:00
Ingo Schommer
415ba11356 Merge pull request #3175 from tractorcow/pulls/3.1/mink-update
Update for Mink 1.6 compatibility (DO NOT MERGE)
2014-06-13 16:34:22 +12:00
Ingo Schommer
a433fa2ec4 Moved table-related feature steps to behat extension
Reused for tables other than GridField.
See https://github.com/silverstripe-labs/silverstripe-behat-extension/pull/51
2014-06-13 15:10:16 +12:00
Damian Mooyman
d516063db7 BUG fix dependency injection stumbling over ViewableData's __isset 2014-06-12 10:08:59 +12:00
Damian Mooyman
4c5de82625 Versioned no longer sets redundant session data 2014-06-11 16:42:22 +12:00
Damian Mooyman
4fdfff8a23 Update for Mink 1.6 compatibility 2014-05-30 15:46:54 +12:00
Simon Welsh
9b3bfb2e10 Merge pull request #3145 from tractorcow/pulls/3.1/fix-choose-stage
BUG Fix access to protected Session::current_session()
2014-05-24 11:07:40 +10:00
Simon Welsh
b020cabc1a Merge pull request #3138 from tractorcow/pulls/3.1/fix-arraylist-sorting
BUG ArrayList failing to respect the SS_Sortable interface
2014-05-24 11:05:25 +10:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Damian Mooyman
4a34c364e6 BUG Fix access to protected Session::current_session()
Fixes #3144
2014-05-20 10:17:33 +12:00
Damian Mooyman
c24a2c2177 BUG ArrayList failing to respect the SS_Sortable interface
ref: CWPBUG-133
2014-05-15 14:25:23 +12:00
Damian Mooyman
51c3346b46 BUG Fix deprecated use of statics in test cases 2014-05-12 08:44:11 +12:00
Ingo Schommer
a05d8113af Merge pull request #3103 from simonwelsh/configstatic_nextstring
Adds to nextString() method to ConfigStaticManifest
2014-05-09 16:08:19 +12:00
Simon Welsh
3602ce2db8 Adds to nextString() method to ConfigStaticManifest
This is used to get the classname out of the tokens, rather than assuming that
the class name is a single T_STRING.
2014-05-06 15:35:37 +10:00
Hamish Friedlander
50e1ed2f72 Merge pull request #3101 from tractorcow/pulls/3.1-fileexists-checking
BUG Better checking of existing files
2014-05-06 15:32:06 +12:00
Hamish Friedlander
149b4e4356 Merge pull request #3019 from tractorcow/pulls/3.1-dataquery-tables
BUG Fix data query not always joining necessary tables
2014-05-06 15:26:26 +12:00
Damian Mooyman
ae573f829f BUG Fix Versioned stage not persisting in Session. Fixes #962
BUG Disabled disruptive test case in DirectorTest
API RequestProcessor and VersionedRequestFilter now both correctly implement RequestFilter
Better PHPDoc on RequestFilter and implementations
2014-05-06 14:11:44 +12:00
Damian Mooyman
df28ccb59f BUG Better checking of existing files
[ref: CWPBUG-158]
2014-05-06 14:06:16 +12:00
Damian Mooyman
a3c8a594ca BUG Fix data query not always joining necessary tables
Fixes #2846
2014-05-06 12:22:46 +12:00
Hamish Friedlander
bbd7bba11f Merge pull request #3058 from tractorcow/pulls/injector-stack-tests
API Injector supports nesting
2014-05-06 11:35:32 +12:00
Hamish Friedlander
ad27cd5ec9 FIX Folder Title not being exactly the same as Name field
Backport to 3.0 of PR #3086
2014-05-05 14:39:45 +12:00
Ingo Schommer
f2b2ee8a68 Merge pull request #3021 from tractorcow/pulls/3.1-htmltext-whitelist
BUG HTMLText whitelist considers text nodes
2014-05-05 13:23:52 +12:00