Commit Graph

2497 Commits

Author SHA1 Message Date
Damian Mooyman
7f983c2bae BUG Fix SS-2014-017 2015-03-20 18:27:30 +13:00
Damian Mooyman
80fc55decf Merge branch 'xss-fix' into '3.1'
Xss fix

See merge request !3
2015-03-20 18:19:53 +13:00
Christopher Pitt
604c328712 Fixed XSS vulnerability relating to rewrite_hash 2015-03-20 18:17:51 +13:00
Damian Mooyman
b34c236b3c BUG Fix joins on tables containing "select" being mistaken for sub-selects
Fix PHPDoc on SQLQuery::addFrom and SQLQuery::setFrom
Fixes #3965
2015-03-18 16:10:07 +13:00
Daniel Hensby
de2aa47250 Merge pull request #4006 from kinglozzer/patch-1
FIX: Security::$default_message_set Config value unusable
2015-03-17 17:05:01 +00:00
Loz Calver
a61c08d031 FIX: Security::$default_message_set Config value unusable 2015-03-17 15:51:31 +00:00
Daniel Hensby
f568052044 Testing empty absolute urls and more thorough tests 2015-03-13 13:56:14 +00:00
Damian Mooyman
9651889f1b BUG Fix yaml generation to conform to version 1.1, accepted by transifex 2015-03-10 13:44:21 +13:00
Ingo Schommer
1a9c206d15 Merge pull request #3871 from patbolo/3173-folder-treedropdownfield
BUGFIX Use correct query when searching for items managed by a tree drop...
2015-03-08 23:23:03 +13:00
Daniel Hensby
d2a3da2203 Making docs gender agnostic 2015-03-07 12:32:04 +00:00
Loz Calver
f234301c0a FIX: DataQuery::applyRelation using incorrect foreign key (fixes #3954) 2015-03-02 09:56:47 +00:00
Jean-Fabien Barrois
f9d493dff5 BUGFIX Fixes case insensitive search for postgres databases 2015-03-02 09:55:29 +13:00
Jean-Fabien Barrois
bbe27999eb BUGFIX Use correct query when searching for items managed by a tree dropdown field #3173 2015-02-27 11:18:27 +13:00
Loz Calver
3a7e24a220 FIX: Unable to access a list of all many_many_extraFields 2015-02-25 10:33:50 +00:00
Sean Harvey
cebc0d08c5 Merge pull request #3894 from tractorcow/pulls/3.1/encoding-fixes
BUG Lots of encoding fixes
2015-02-16 09:18:41 +13:00
Damian Mooyman
1db08bac88 BUG Fix FormAction title encoding
BUG Fix TreeMultiSelectField using the wrong label
BUG Fix encoding of selected title on TreeDropdownField
BUG Fix DataDifferencer trying to compare non-comparable fields (non-dbfield objects)
BUG: Fix issue with TreeMultiSelectField not saving
BUG: Fix issue with GridFieldPrintButton
ENHANCEMENT Instead of using multiple api calls to encode dbfield values, delegate this operation to the individual fields via forTemplate
Instead of using a new API to communicate html encoding to treeselect, just ensure all content is HTML encoded, and enable html_titles in jstree.
2015-02-13 15:50:45 +13:00
Damian Mooyman
518045257e BUG Fixed handling of numbers in certain locales.
Fixes #2161
2015-02-13 10:50:00 +13:00
JorisDebonnet
047fe3a410 BUG Include php version in default cache folder name
Update CoreTest.php
2015-02-12 17:29:45 +13:00
Will Morgan
7c9810bf49 Merge pull request #3432 from IgorNadj/3.1-fix-minify
FIX making minify javascript fail-safe
2015-02-06 11:17:59 +00:00
Will Rossiter
abd1e6b856 FIX GridFieldExportButton should honour can method. 2015-02-03 16:21:37 +13:00
Loz Calver
77ebdc22fa FIX: DataObject::db returned fields in incorrect order, with incorrect data types
fixes #3802
2015-01-19 20:38:08 +00:00
Will Rossiter
220bdf342c Merge pull request #3577 from tractorcow/pulls/3.1/fix-basicauth-resetlogin
BUG Fix BasicAuth not resetting failed login counts on authentication
2015-01-15 11:03:52 +13:00
Damian Mooyman
7816875e92 Fix file and uploadfield permissions 2015-01-12 10:56:25 +13:00
Ingo Schommer
c705c547fd Behat: Ignore native dropdowns if they're not visible
The CmsUiContext->theIFillInTheDropdownWith() method was written
primarily for TreeDropdownField, which don't have a select tag (only an input tag).
The method currently fails for CMS dropdowns (Dropdown form field class),
since they have a hidden select tag.

I've checked through core feature files and confirmed that every use
of the method relates to TreeDropdownField, which is why this bug hasn't occurred earlier.
2015-01-06 10:19:17 +13:00
Damian Mooyman
1f4f5e68ba BUG Fix versioned
Versioned is not writing Version to _version tables for subclasses of Version dataobjects which have their own DB fields
- Fix disjoint of ID / RecordID (which should be the same)
- Fix calculation of new record version
- Fix use of empty vs !isset to check for existing version

Conflicts:
	model/Versioned.php
	tests/model/VersionedTest.php

Cherry picked from commit c140459ac6
2014-12-02 22:30:59 +02:00
Igor Nadj
77e30d4524 Cleanup, removing redundant returns 2014-11-26 15:31:07 +13:00
Igor Nadj
657606e8c8 Updating code to allow unit test to use try-catch block to catch warning
without stopping code execution inside try
2014-11-26 15:27:54 +13:00
Damian Mooyman
2bdfd65e9b BUG Security::findAnAdministrator doesn't always find an admin 2014-11-18 15:36:34 +13:00
Damian Mooyman
7f2161d7a0 Merge pull request #3599 from kinglozzer/numericfield-whitespace
Fix whitespace issues in NumericField/NumericFieldTest
2014-11-14 10:31:21 +13:00
Sam Minnée
71c354d768 Merge pull request #3623 from kinglozzer/pulls/dataobject-db-inheritance
FIX: DataObject::db() doesn't respect overloaded db types (fixes #3620)
2014-11-12 13:41:03 +13:00
Loz Calver
85b4ba15fc FIX: DataObject::db() doesn't respect overloaded db types (fixes #3620) 2014-11-11 10:41:54 +00:00
g4b0
239ed66eaf Bugfix: fixed inheritance breaks filtering if relations are included (issue #3610) 2014-11-11 10:04:41 +01:00
Loz Calver
76b833dfbb Fix whitespace issues in NumericField/NumericFieldTest 2014-11-03 09:13:54 +00:00
muskie9
082c49c1b5 Bugfix NumericField shows (none) for 0 on readonly 2014-11-02 20:57:20 -06:00
Stephen McMahon
20af30ed98 FIX GridFieldExportButton exporting only Paginated list when using ArrayList as source 2014-10-27 11:03:00 +11:00
Loz Calver
a77ca1995a Merge pull request #3521 from halkyon/bigsummary_plain_fix
BUG Text::BigSummary() fails with undefined $data when $plain = false
2014-10-25 23:30:36 +01:00
Loz Calver
2176a6dea8 Merge pull request #3576 from tractorcow/pulls/3.1/upload-attach
BUG File attach handler is no longer accessible if attachment is disallowed or disabled
2014-10-25 23:12:03 +01:00
Damian Mooyman
0a04e2e77b Merge pull request #3484 from dnadesign/object_has_extension_fix
fixed and tested object has_extension
2014-10-24 17:20:00 +13:00
John Milmine
62658a6cca fixed and tested object has_extension 2014-10-24 16:58:50 +13:00
Damian Mooyman
9d78eb7fe6 BUG Fix BasicAuth not resetting failed login counts on authentication 2014-10-24 14:19:12 +13:00
Damian Mooyman
5d27ea4be1 BUG File attach handler is no longer accessible if attachment is disallowed or disabled 2014-10-24 11:31:33 +13:00
Devlin
478edfa0c6 BUG Upload: File versioning with existing files
reinsert oldFilePath = relativeFilePath in while loop
2014-10-22 08:48:55 +13:00
Damian Mooyman
49cb38dfc1 BUG Fix static call to protected instance method 2014-10-20 17:04:25 +13:00
Sam Minnée
3d9fa205fe Merge pull request #3547 from kinglozzer/pulls/3546-apply-relation
Fix DataQuery::applyRelation for multiple relations of the same class (fixes #3546)
2014-10-15 18:00:19 +13:00
Damian Mooyman
53c40a94fa API Enable re-authentication within the CMS if a user session is lost
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
2014-10-14 15:19:48 +13:00
Damian Mooyman
793784e9d7 BUG Fix flushing of SSViewer cache via testing 2014-10-14 09:47:05 +13:00
Loz Calver
c52e94e98e Fix DataQuery::applyRelation for multiple relations of the same class (fixes #3546) 2014-10-13 19:46:37 +01:00
Loz Calver
97170dd42d Better tests for SSViewer::flush & Flushable 2014-10-13 09:44:14 +01:00
Sean Harvey
f86b0bbca0 Merge pull request #3459 from jdemeschew/3356-fix-js-not-properly-included
Fix #3356 js not properly included
2014-10-13 16:41:37 +13:00
Loz Calver
48eb0e67e6 FIX: Deliberately clear partial cache blocks on flush (fixes #1383)
Move property to top of class definition

Move property to top of class definition
2014-10-09 21:44:01 +01:00
Sean Harvey
776f6976c9 BUG Text::BigSummary() fails with undefined $data when $plain = false 2014-10-01 16:02:28 +13:00
Thierry François
bbc1cb8270 FIX #3458 iframe transport multi file upload FIX #3343, FIX #3148
UploadField now handles multiple file upload through iframe transport
correctly (mainly for IE) as well as upload errors on a per file basis.
2014-09-26 10:48:41 +03:00
Sean Harvey
c57c24eb81 Merge pull request #3464 from InfinityIo/rewrite_hash_links-SSTemplateParser-fix
Fix over-eager rewrite_hash_links regexp in SSTemplateParser
2014-09-26 18:14:08 +12:00
Nik
5258b84e5c Updated SSViewerTest to test for SSTemplateParser rewrite_hash_links fix 2014-09-26 17:41:27 +12:00
torleif
75ec0c4791 Added tests that check comparisonClause()
As requested by tractorcow: https://github.com/silverstripe/silverstripe-postgresql/pull/26

Tested on MySQL (succeeds as expected). Tested on PostgreSQL (and fails as expected, but passes with patch). The fixes test only DataQueryTest related items for consistency, e.g. by avoiding DataObject calls.
2014-09-26 12:11:33 +12:00
Sean Harvey
e3056ed831 Merge pull request #3486 from jeffreyguo/pulls/html-field
Updated html field to support quotes
2014-09-26 11:16:42 +12:00
Sean Harvey
f7af0d8955 Merge pull request #3398 from dnadesign/fixsortableheader
API: Add ClassInfo::table_for_object_field to return the table name for ...
2014-09-26 11:14:33 +12:00
Will Rossiter
920978df99 API: Add ClassInfo::table_for_object_field
Returns the table name for a field in a class hierarchy.

This issue raised itself with GridFieldSortableHeader not supporting sorting on fields from parent class fields.
2014-09-26 10:38:31 +12:00
Gabrijel Gavranović
cf456d6625 FIX use @param $colName in column call 2014-09-26 09:18:29 +12:00
Sean Harvey
ee717c7f66 Merge pull request #3287 from IgorNadj/3.1
ENH making /dev extendable
2014-09-25 18:34:21 +12:00
Sean Harvey
409aebf0af Merge pull request #2515 from guttmann/html-text-absolutelink-placeholders
HTMLText AbsoluteLink parse placeholders
2014-09-25 16:07:41 +12:00
Sean Harvey
6d12cf372e Merge pull request #2921 from JayDevlin/2904-upload-file-versioning
BUG Upload: file versioning uses illegal underscore in filename
2014-09-24 15:59:53 +12:00
Sean Harvey
4ae0d90c55 Merge pull request #2946 from tractorcow/pulls/3.1-fix-injector-inheritance-bug
BUG Fix issue with inheritance of Injector service configuration
2014-09-24 15:52:00 +12:00
Ingo Schommer
fb8b22c292 Merge pull request #3402 from halkyon/plural_fix
BUG Fixing plural_name messing up singular words ending in "e" (#3251)
2014-09-18 21:56:56 +12:00
Jeffrey Guo
1f5f2a1798 Updated html field to support quotes 2014-09-12 15:09:12 +12:00
Juri Demeschew
3eabd7d41a Fix #3356 js not properly included 2014-09-09 06:59:31 +02:00
Sean Harvey
151b7e9876 Adding ability to change query distinct on DataList and DataQuery 2014-09-04 13:51:43 +12:00
Will Rossiter
7993875f16 FIX: Sorting a DataQuery over a relation.
When sorting a DataQuery over a relation, the SQLQuery automatically included the sort column. The issue with the implementation is that potentially the joined record has a field with the same name as the source record causing it to be overridden.

In the attached test case, without the patch the title will be set to 'Bar' rather than 'Foo'.

This patch aliases the sort column. Alternatively a patch would be to
2014-08-26 17:41:38 +12:00
Igor Nadj
f823831a63 FIX making minify javascript fail-safe 2014-08-25 11:49:38 +12:00
Damian Mooyman
96d0874953 BUG Fix issue with inheritance of Injector service configuration 2014-08-25 10:23:01 +12:00
Sean Harvey
0e07f1a7f5 Merge remote-tracking branch 'origin/3.0' into 3.1 2014-08-22 17:50:36 +12:00
Ingo Schommer
1661213e5b FIX Opt-out of form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
Sean Harvey
8063b349c8 BUG Fixing Director::test() failing on BASE_URL prefixed URLs
Example: you have a site in a sub-directory off the webroot, you call
->Link() on a SiteTree record, which returns "/[sitedir]/my-page", and
you pass this URL to Director::test(). It's a valid URL, but
Director::test() will throw a 404.

Director::test() should be ensuring that all URLs passed to it are
properly made relative, not just in the case where it thinks the URL
is absolute.
2014-08-22 15:21:53 +12:00
Damian Mooyman
aec8430395 Merge pull request #3393 from halkyon/flushable
NEW Provide a consistent way of triggering flush
2014-08-22 10:28:26 +12:00
Sean Harvey
2b316e79e5 NEW Provide a consistent way of triggering flush
Provides an interface for classes to implement their own flush()
functionality. This function gets called early in a request on
all implementations of Flushable when flush=1|all is requested in the
URL.

This fix came out of an issue where Requirements combined files were not
being cleaned up after dev/build?flush=1, due to the fact that flush
would only occur when you called it while on a page that used those
combined files, but not in any other contexts. This will now call flush
on any implementors of Flushable regardless of the context of where
flush was called.
2014-08-22 09:24:27 +12:00
Sean Harvey
61c6dee057 BUG Fixing plural_name messing up singular words ending in "e" (#3251)
This would ideally be fixed with the ability to use an external library
like gettext, but that's an API change. This for now fixes the issue
where a singular like "Page" returns "Pags" for the plural name.
2014-08-20 14:55:40 +12:00
Devlin
4178f7beb0 test all generate methods and formatted image deletions 2014-08-19 10:12:47 +02:00
Sean Harvey
5f1552b365 BUG Custom label set in summary_fields config gets overridden 2014-08-14 14:19:41 +12:00
John Milmine
0a36951ab1 adding exclamation mark and question mark to delimiters, made text work the same as HTML Text 2014-08-07 21:01:23 +10:00
Igor Nadj
b3d52de531 ENH making /dev extendable 2014-08-06 16:29:52 +12:00
Marcus Nyeholt
b273f3b524 API Updated aspect proxy service
- Updated AspectProxyService to handle multiple handlers for each proxied
  object's methods.
- Changed BeforeCallAspect to allow for providing a return value that
  should be returned to the caller instead of the proxied return value
- Changed AfterCallAspect behaviour to allow for returning the value of
  the aspect to the caller instead of the proxied return value
2014-08-06 13:48:26 +10:00
Damian Mooyman
2c24d51c0b Revert #3358 2014-08-04 12:13:19 +12:00
Sean Harvey
b2dac644a0 BUG Fixed escaping of name/value in options of form fields
DropdownField was currently escaping options, but CheckboxSetField and
OptionsetField were not. This fixes them to be consistent.
2014-08-04 09:55:35 +12:00
Damian Mooyman
a89dbd29e1 Revert #3345 #3323 2014-07-31 17:05:57 +12:00
Daniel Hensby
04e5c11ed9 TEST Empty absolute urls - tests for #3323 2014-07-30 23:22:37 +01:00
Jeffrey Guo
5519a026e8 expand a tree node and check a CMS tab 2014-07-30 17:17:08 +12:00
Stig Lindqvist
333a2aa8f9 BUG: CMS tree filters don't count the correct number of children for deleted pages
This is a bug that combines Hierarchy, Versioned and LeftAndMain admins and CMSSiteTreeFilters.

This bug can be reproduced by having a large site tree with enough deleted pages in it so it doesn't
pre load all the children pages when initially opening an admin. Filter by either 'All pages including deleted'
or 'Deleted pages'. For CMS users it will look like deleted pages are gone.

The solution involves a couple of smaller fixes in both CMS and framework modules.

1) Ensure that 'numHistoricalChildren' are used instead of 'numChildren' when dealing with deleted pages
2) LeftAndMain::currentPage() deletes all the 'marking' cache previously built up by Hierarchy::markPartialTree()
3) Use Versioned::get_included_deleted() instead of raw DB queries against the DataObject tables when calculating parents in CMSSiteTreeFilter
2014-07-25 16:19:30 +12:00
Senorgeno
df6a8b6fb6 BUG #3282: Added ability to subselect with in left or inner join 2014-07-17 13:27:28 +12:00
Damian Mooyman
c26df0b3c6 Revert "BUG Config::merge_array_low_into_high() ignores falsey values" 2014-07-09 09:57:25 +12:00
Sean Harvey
16e546300f BUG Config::merge_array_low_into_high() ignores falsey values
Specific case: LeftAndMain::$session_keepalive_ping = true cannot be
set to false in config.yml for some cases because the value is ignored
when merge_array_low_into_high() is processing the config arrays.
2014-07-08 15:18:26 +12:00
Sean Harvey
d1d295056b Merge pull request #3265 from stevie-mayhew/images-force-resample
FEATURE allow force resampling on images
2014-07-07 11:27:16 +12:00
Damian Mooyman
c30111eee3 Better encoding of javascript
Fixes #2988
2014-07-07 09:01:53 +12:00
Stevie Mayhew
1d86fe4f52 FEATURE allow force resampling on images 2014-07-05 14:29:01 +12:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Will Rossiter
2c741fec0c FIX Add support for compositedbfield within many_many_extraFields
Previously selectFromTable would simply try to select the composite field name. This expands the extraField name to include the children field names and uses CompositeDBField::writeToManipulation to generate the correct SQL for the queries.
2014-06-28 10:54:48 +12:00
Damian Mooyman
6ff1d3ccbc Merge pull request #3225 from halkyon/log_constants
Adding some more commonly used SS_Log priority constants.
2014-06-23 13:15:45 +12:00
Sean Harvey
9c2ddd4850 Adding some more commonly used SS_Log priority constants. 2014-06-23 11:50:05 +12:00
Sean Harvey
0ee3a683a5 Better support for overloading start and destroy methods in Session
Move functionality from static start and destroy functions into instance
methods, allowing these to be overloaded. This works the same way as
calling Session::set() which then in turn calls inst_set()

Additionally use Injector to create the default Session instance to
allow the class to be swapped out.
2014-06-20 10:35:53 +12:00
Damian Mooyman
11cc27f700 Merge pull request #2967 from halkyon/formfield_readonly
Fixing FormField not setting readonly attribute on setReadonly(true)
2014-06-17 14:48:56 +12:00
Sean Harvey
b4bfb75a0d Merge pull request #3207 from chillu/pulls/behat-gridfield
Moved table-related feature steps to behat extension
2014-06-17 13:43:33 +12:00