2883 Commits

Author SHA1 Message Date
Stephen Shkardoon
b3407abe4b API Fix HTTPS proxy header detection (Same as #3152)
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-11-25 03:21:36 +13:00
Simon Welsh
ed4d32581d $manifest needs to be global for Deprecation. 2014-02-04 12:26:28 +13:00
Damian Mooyman
f67b549b77 BUG Fixed cross-platform issues with test cases and file utilities 2013-10-04 13:54:33 +13:00
Hamish Friedlander
4a7aef0e25 FIX Double slashes in ParameterConfirmationToken 2013-08-19 11:35:34 +12:00
Hamish Friedlander
5f9387c42c FIX Constants magic_quotes handling needs function from Core 2013-08-05 14:58:44 +12:00
Hamish Friedlander
041466fe02 FIX Token redirect where in IIS a / needs adding between host & url 2013-08-05 09:15:11 +12:00
Hamish Friedlander
342058742c FIX Flush on memory exhaustion and headers sent 2013-08-02 09:41:16 +12:00
Hamish Friedlander
a1ea905ca8 FIX Nice errors and allows flush on module removal 2013-07-24 09:57:01 +12:00
Hamish Friedlander
84011aa736 FIX Only suppress fatal errors 2013-07-22 14:48:16 +12:00
Hamish Friedlander
604d9bf7dc Split Core.php into Constants.php and Core.php and adjust main.php startup
The recent flush filter fix had a problem that you couldnt set a custom
BASE_PATH in _ss_environment because that file didnt get included until
after checking the confirmation token. This patch pulls the part of Core.php
that defines BASE_PATH into a seperate file that can be included earlier
in the startup sequence so that ParameterConfirmationToken can access it.

Core.php includes Constants.php with a require_once call, so for startup
scripts that dont pull in Constants.php themselves (like cli-script.php)
no change is needed.
2013-07-22 13:52:00 +12:00
Hamish Friedlander
a312cd08e1 FIX: Ignore invalid tokens instead of throwing 403 2013-07-19 14:47:05 +12:00
Hamish Friedlander
036c36a7dd FIX: Have ParameterConfirmationToken work regardless of include path 2013-07-19 14:33:56 +12:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00
Simon Welsh
9deb11f9a0 Use preg_replace_callback over preg_replace with e modifier 2013-07-05 09:08:58 +12:00
Sam Minnee
b401d39aec NEW: Move temp data into a user-specific subfolder, to stop temp-permission bugs from occurring.
Anyone who has run "sudo -u www-data ./framework/sake dev/build" knows that SilverStripe's temp
folder permissions can be very brittle.  This patch resolves this by making the temp folder
user-specific.

To minimise directory pollution it first creates a chmod 777 parent folder with the same name
as the current folder.  It then creates a subfolder of this with the same name as the current
user.

The positive impact of this change is that sake can be used without fear of messing up file
permissions.  This means, among other things, that we can put a Composer post-update-cmd into
the installer to run dev/build.  Progress!

The negative impact is that you will get two caches if you run sake as a different user.  However,
that is much better than the current situation - which is a bunch of bugs - and if you're concerned
about that, you still have the option of running sake as www-data.
2013-05-15 12:54:55 +02:00
Daniel Hensby
9a6a6ec75d Arbitrary placement of _ss_environment.php in parent folders
Removes hardcoding to three levels
2013-05-14 13:39:43 +02:00
Hamish Friedlander
600d9cff53 API Make Object::config use late static binding
Can now be used in instance scope, like:
  $this->config()->db
and in static scope, like:
  Page::config()->db
2013-03-26 00:37:47 +01:00
Stephen Shkardoon
9ac104b8c7 BUG $_COOKIES is not un-magic_quotes'd
Added stripslashes_recursively to $_COOKIE (fixes #6309)
2013-03-19 22:13:07 +13:00
Jeremy Thomerson
a70df3e472 BUG PaginatedList deprecated method was calling non-existent method 2013-01-15 13:25:16 -06:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
e4d71c2a20 Add Composer autoloader
Mainly to get PHPUnit going as a composer requirement
rather than through PEAR (which is easier to set up).
2012-11-15 13:40:09 +01:00
Ingo Schommer
a5fd3cf985 BUG Inspect current directory for include_path
This fixes problems where require/include calls rely
on the relative file path, e.g. in i18n.php.

Followup from https://github.com/silverstripe/sapphire/pull/904
2012-11-01 10:10:06 +01:00
Damian Mooyman
0d7816b55d BUG Fixed issue with Deprecation failing to extract the module from a stacktrace, especially on non-unix systems
API Added Convert::nl2os function to normalise end of line characters across systems with tests
BUG Fixed i18n unit tests in non-unix systems constantly failing
BUG Fixed problems with HTMLCleaner tests failing in non-unix systems
2012-10-17 11:57:16 +13:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
b075fa29c5 Have tiny_mce_gzip.php use local silverstripe-cache folder if available
This is a fix for ticket #7670. Some hosting situations don't
allow write access to the system temp path. tiny_mce_gzip.php is currently
using sys_get_temp_dir() by default, and not using a local silverstripe-cache
folder that may exist in the SilverStripe project.

This change moves the getTempFolder() function into a common file, and
includes that in core/Core.php, as well as thirdparty/tinymce/tiny_mce_gzip.php
so both locations share the same code to work out the temp path.
2012-09-19 16:43:17 +12:00
Sean Harvey
e0beca198b Added missing $tempPath argument (regression from last commit) 2012-09-19 13:30:05 +12:00
Sean Harvey
aa4fa75091 Consistently use the $base argument to getTempFolder() 2012-09-19 13:27:43 +12:00
Sam Minnée
57ad36e11d Merge pull request #750 from silverstripe-rebelalliance/open/5971
FIX If ClassName read from DB doesnt exist, dont break
2012-08-29 22:48:31 -07:00
Hamish Friedlander
2f00884e79 FIX If ClassName read from DB doesnt exist, dont break
We know the subclass of a record by its ClassName value, but code changes
might have meant that class no longer exists. We used to just break,
but this patch overrides the apparent value of ClassName to be
one that exists in that situation
2012-08-30 11:02:50 +12:00
Ingo Schommer
b53790eace Fluent API for PaginatedList 2012-08-28 17:28:37 +02:00
Sam Minnée
93cdb83ac8 Merge pull request #738 from simonwelsh/lsb-53-30
FIX Removes version checking for LSB in Object::static_lookup()
2012-08-27 21:07:29 -07:00
Hamish Friedlander
26cfd64d8e FIX issue with cyclic configs when framework called sapphire
The _config/route rules explicitly mentioned framework by module name,
so if you installed framework in the older sapphire directory youd
always end up with cyclic config requirement errors
2012-08-28 15:44:40 +12:00
Hamish Friedlander
aa0cd147bf FIX Make config DAG error message more dev friendly 2012-08-28 14:38:33 +12:00
Sam Minnée
dd97da0ac2 Merge pull request #741 from silverstripe-rebelalliance/trac/7765
FIX several issues with the config system
2012-08-26 22:18:14 -07:00
Hamish Friedlander
6009cfadc2 NEW Allow debugging of config cyclic errors
It is possible to specify before and after rules on config fragments
that conflict - A before B and B before A isnt possible to solve.

This used to just throw an error with no way to debug. Now if you
specify debug as a GET parameter and the site is not in live mode
youll get a basic dump of the remaining DAG graph
2012-08-27 16:08:10 +12:00
Hamish Friedlander
e0b8f15171 FIX Config wasnt filtering wildcards properly
When specifying a specific before rule and a wildcard after rule (or
vice versa), the config system was filtering out any fragment
from the list of fragments that matched the wildcard if it matched
_any_ componenet of the specific rule, not all of them.

Fixed, and added handling of two semi wild-card rules, where a
rule with less wildcards wins over a rule with more.

See http://open.silverstripe.org/ticket/7765 for more
2012-08-27 16:03:03 +12:00
Hamish Friedlander
c7ca47f2b1 FIX Config frag could only have one before or after rule
You should be able to specify multiple before and after rules in
a config fragment. This was intended to be a comma seperated string
but that wasnt being split properly

Now if you provide a comma seperated string it is split properly,
but you can also provide an array, which is actually cleaner
2012-08-27 16:00:54 +12:00
Simon Welsh
e159a68f89 FIX Removes version checking for LSB in Object::static_lookup()
Late static binding was added in PHP 5.3, not 5.4. As such, the check for 5.4
and then fallback to Reflection isn't needed.
2012-08-23 17:51:29 +12:00
Hamish Friedlander
fa37c448a5 API Reverse config extra statics control flow
Config system used to provide an add_static_source method, which was intended for
use by Extensions to add statics. But extensions for a class arent initialised
until at least one instance of that class is created, so before that the
Config system didnt include values from extensions

This patch reverses the control flow, so that the Config system explictly asks
each Object for its additional config sources via the new method
get_extra_config_sources. This method returns an array that can contain
string names of classes and also raw associative arrays.

The developer visible change is that Extension#add_to_class has been
deprecated. Instead there is a new method, get_extra_config, which has
the same method signature but needs to guarantee that it doesnt
cause side effects. Additionally there is no need to call
parent::get_extra_config - this is handled automatically.
2012-08-23 09:29:13 +12:00
Saophalkun Ponlu
c555256890 BUGFIX: PaginatedList::getIterator() trims the original list to the page lenght when the source list is DataList 2012-07-15 01:02:49 +12:00
Ingo Schommer
712f28bc78 Scoped deprecation messages (fixes #7645) 2012-07-13 11:37:35 +02:00
Ingo Schommer
64357a4522 Merge branch '3.0'
Conflicts:
	admin/css/screen.css
	admin/scss/_forms.scss
	docs/en/changelogs/3.0.0.md
2012-07-05 18:01:09 +02:00
Sam Minnee
6ef4f9ad3f BUG: Fix increase_memory_limit_to() to reduce installation errors.
increase_memory_limit_to() was broken a while ago, and this causes a lot of problems for people trying to install on environments where the memory limit is 32M.
2012-06-26 12:39:50 +12:00
Andrew Short
77d712202c ENHANCEMENT: Add method to disable automatic limiting on PaginagedLists.
In some circumstances a custom generated list will already only contain
the items for the current page. The automatic limiting will then limit
the already limited list, breaking pagination. This allows you to disable
automatic limiting so all items are shown regardless of the current page.
2012-06-21 21:21:34 +02:00
Ingo Schommer
45a14951a3 Revert "MINOR Updated sfYaml parser dependency to 2.0.14, use it in ConfigManifest and i18nTextCollector"
This reverts commit 3a01c2ab2ec72d62c5f61fdb1c29c193617f8b3b.

Conflicts:

	core/manifest/ConfigManifest.php
	i18n/i18nTextCollector.php
2012-06-21 21:11:48 +02:00
Ingo Schommer
51a1026cd8 MINOR Fixed case sensitive require_once() (broken by 3a01c2ab2) 2012-06-20 14:41:40 +02:00
Ingo Schommer
3a01c2ab2e MINOR Updated sfYaml parser dependency to 2.0.14, use it in ConfigManifest and i18nTextCollector
Changed class loading to new file structure, moved dependency to framework/thirdparty,
rather than relying on "second level" dependencies through Zend_Translate_RailsYAML.
To be replaced by a composer dependency (+ proper autoloading) once in place.
2012-06-20 14:06:21 +02:00
Sam Minnée
5062bb8ff5 Merge pull request #533 from halkyon/supress_mkdir_temp
BUGFIX Supress mkdir() when attempting to create a temp folder, instead
2012-06-14 16:53:54 -07:00
Sean Harvey
105986392b BUGFIX Supress mkdir() when attempting to create a temp folder, instead
of the variable. This gives a nicer error in the installer.
2012-06-15 11:48:42 +12:00