Commit Graph

3053 Commits

Author SHA1 Message Date
Damian Mooyman
8331171f2c Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	.scrutinizer.yml
	admin/javascript/LeftAndMain.Panel.js
	core/startup/ParameterConfirmationToken.php
	dev/Debug.php
	dev/FixtureBlueprint.php
	docs/en/00_Getting_Started/05_Coding_Conventions.md
	docs/en/00_Getting_Started/index.md
	docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
	filesystem/File.php
	filesystem/Folder.php
	forms/FieldList.php
	forms/LabelField.php
	forms/MoneyField.php
	forms/TextField.php
	forms/TreeDropdownField.php
	forms/Validator.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldExportButton.php
	lang/de.yml
	lang/fi.yml
	model/DataObject.php
	model/SQLQuery.php
	parsers/ShortcodeParser.php
	security/ChangePasswordForm.php
	security/Security.php
	tests/control/DirectorTest.php
	tests/core/startup/ParameterConfirmationTokenTest.php
	tests/dev/FixtureBlueprintTest.php
	tests/forms/FieldListTest.php
	tests/forms/MoneyFieldTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
0319f7855b FIX Incorrect env setting in 3.1.13 2015-06-02 12:27:08 +12:00
Marcus Nyeholt
9c8fa51321 FIX Allow users to specify allowed hosts
Allow users to explicitly state which Hosts are allowed to be requested via
this application instance to avoid Host: header forgery attacks.
2015-05-28 15:58:39 +10:00
Damian Mooyman
a978b891e1 BUG Fix handling of empty parameter token 2015-05-28 10:13:10 +12:00
Damian Mooyman
75137dbab2 Ensure only trusted proxy servers have control over certain HTTP headers 2015-05-28 10:12:46 +12:00
Stevie Mayhew
0d94cf15a5 UPDATE: change all instances of $this->request to use appropriate getter/setter 2015-04-30 11:04:08 +12:00
Damian Mooyman
43f49e8434 Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	admin/code/ModelAdmin.php
	control/Director.php
	model/SQLQuery.php
	security/Member.php
	tests/control/HTTPTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
	tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Damian Mooyman
7f983c2bae BUG Fix SS-2014-017 2015-03-20 18:27:30 +13:00
Damian Mooyman
db54125262 Deprecate stripslashes_recursively and magic quotes
This code is removed from 4.0
2015-03-14 21:24:11 +13:00
Damian Mooyman
319b96b48b Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
	docs/en/05_Contributing/01_Code.md
	forms/TreeDropdownField.php
	model/DataObject.php
	security/Member.php
	tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00
Daniel Hensby
ef818b3b7b Merge pull request #3970 from tractorcow/pulls/3.2/api-zero-pagination
API enable PaginatedList to be disabled by setting page length to 0
2015-03-09 11:28:36 +00:00
Loz Calver
93dca9aabd Merge pull request #3934 from dhensby/pulls/cofig-lru-fix
Change the LRU cache to a simple in-memory model
2015-03-09 09:31:04 +00:00
Simon Welsh
1d135552cf Change the LRU cache to a simple in-memory model
Slight memory increase when there are lots of additions for much better performance in every case.
2015-03-09 02:01:24 +00:00
Damian Mooyman
9367fd2456 API enable PaginatedList to be disabled by setting page length to 0 2015-03-05 12:07:14 +13:00
micmania1
6e0afd5b3c FIX Prevent unnecessary call to config system which doesn't exist yet
By passing the Config instantiation through the Injector and service configuration we're unnecessarily calling Config::inst()->get() on a config system which doesn't yet exist.

More specifically it calls Config::inst()->get('Config', 'dependencies') here: 4ae0d90c55/control/injector/Injector.php (L660) which in turn calls Config::inst()->get('Config', 'extensions').

This jumps through hoops trying to find the cached config for this class using the current Config_LRU class. When it doesn't find it, it then tries to look through the manifests which don't get created or brought from cache until later on in Core.php. Eventually this returns null for both Config::inst()->get() calls.

I ran a quick performance test before and after on an ec2 t2.micro box using siege (concurrency 5, 10 repetitions) and saved 400ms on average response times on a default installation - it would be awesome if somebody could confirm this is actually the case?
2015-03-03 11:35:26 +00:00
Daniel Hensby
bee642a6b9 FIX make class loader classExists check interface_exists as per docs 2015-03-03 00:22:15 +00:00
Will Rossiter
ddec797c1c Correct PHPDoc for classExists (Fixes #3904)
classExists() doesn't check for interfaces, comment shouldn't say it does.
2015-03-02 20:15:26 +13:00
Damian Mooyman
dff65867cc Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	control/HTTP.php
	control/HTTPResponse.php
	docs/en/05_Contributing/01_Code.md
	forms/CompositeField.php
	forms/FormAction.php
	forms/FormField.php
	forms/InlineFormAction.php
	forms/NumericField.php
	forms/TreeDropdownField.php
	forms/TreeMultiselectField.php
	templates/forms/TreeDropdownField.ss
	tests/core/CoreTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Zauberfisch
aa77e126c7 Fixed infinite loop when searching _ss_environment 2015-02-17 04:33:40 +00:00
zauberfisch
eb98b003b7 Fixed looking for _ss_environment.php in root dir and removed redundant code 2015-02-13 23:30:29 +00:00
JorisDebonnet
047fe3a410 BUG Include php version in default cache folder name
Update CoreTest.php
2015-02-12 17:29:45 +13:00
Loz Calver
eed709384d FIX: dev/build not flushing manifests if site is in a subfolder 2015-02-11 19:59:22 +00:00
Damian Mooyman
88fdc75456 Merge remote-tracking branch 'composer/3.1' into 3
Conflicts:
	.editorconfig
	docs/en/00_Getting_Started/00_Server_Requirements.md
	docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_IIS7.md
	docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_Platform_Installer.md
	docs/en/00_Getting_Started/04_Directory_Structure.md
	docs/en/00_Getting_Started/index.md
	docs/en/01_Tutorials/01_Building_A_Basic_Site.md
	docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
	docs/en/01_Tutorials/03_Forms.md
	docs/en/01_Tutorials/04_Site_Search.md
	docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
	docs/en/01_Tutorials/index.md
	docs/en/02_Developer_Guides/00_Model/01_Data_Model_and_ORM.md
	docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md
	docs/en/02_Developer_Guides/01_Templates/06_Themes.md
	docs/en/02_Developer_Guides/03_Forms/How_Tos/Simple_Contact_Form.md
	docs/en/02_Developer_Guides/05_Extending/05_Injector.md
	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
	docs/en/02_Developer_Guides/10_Email/index.md
	docs/en/02_Developer_Guides/11_Integration/01_RestfulService.md
	docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
	docs/en/02_Developer_Guides/14_Files/index.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/03_CMS_Layout.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Tree.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_Site_Reports.md
	docs/en/02_Developer_Guides/18_Cookies_And_Sessions/01_Cookies.md
	docs/en/04_Changelogs/3.1.9.md
	docs/en/05_Contributing/00_Issues_and_Bugs.md
	docs/en/05_Contributing/02_Release_Process.md
	docs/en/05_Contributing/03_Documentation.md
	filesystem/File.php
	filesystem/GD.php
	model/DataDifferencer.php
	model/Versioned.php
	security/BasicAuth.php
	security/Member.php
	tests/filesystem/FileTest.php
	tests/forms/uploadfield/UploadFieldTest.php
	tests/model/VersionedTest.php
	tests/security/BasicAuthTest.php
2015-01-15 18:52:46 +13:00
Damian Mooyman
19549d620f Moved deprecation of SQLQuery to 4.0 2014-12-04 09:30:50 +13:00
Jonathon Menz
01989aac4e FIX: Manifest flushing
Fixes silverstripe/silverstripe-framework#2325
Fixes silverstripe/silverstripe-framework#3093

Static manifest was not being flushed during a dev/build on some environments (without ?flush in URL) and template manifest was never being flushed during a dev/build.
2014-11-26 10:15:09 +10:30
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
0a04e2e77b Merge pull request #3484 from dnadesign/object_has_extension_fix
fixed and tested object has_extension
2014-10-24 17:20:00 +13:00
John Milmine
62658a6cca fixed and tested object has_extension 2014-10-24 16:58:50 +13:00
Damian Mooyman
db0cad4616 BUG ErrorControlChain now supports exception handling 2014-09-26 16:54:34 +12:00
Sean Harvey
f7af0d8955 Merge pull request #3398 from dnadesign/fixsortableheader
API: Add ClassInfo::table_for_object_field to return the table name for ...
2014-09-26 11:14:33 +12:00
Will Rossiter
920978df99 API: Add ClassInfo::table_for_object_field
Returns the table name for a field in a class hierarchy.

This issue raised itself with GridFieldSortableHeader not supporting sorting on fields from parent class fields.
2014-09-26 10:38:31 +12:00
Sean Harvey
99f8fb29b5 Merge pull request #3507 from tractorcow/pulls/fix-mailer
API / FIX / Cleanup - Mailer and Convert::html2raw
2014-09-26 10:15:18 +12:00
Damian Mooyman
bf4e9eb044 API Singleton method allowing type inference
This pattern improves over the current usage of singleton by allowing type inference.
This also better supports refactor, code usage detection, and auto-completion of classes.
2014-09-26 09:10:25 +12:00
Damian Mooyman
29e3347562 API Convert::html2raw no longer wraps text automatically
BUG Convert::html2raw now correctly decodes single quotes
2014-09-25 16:04:48 +12:00
Sean Harvey
07eef2ece2 Removing deprecated class/functions marked for deprecation in 3.0/3.1 2014-08-25 12:06:05 +12:00
Sean Harvey
2b316e79e5 NEW Provide a consistent way of triggering flush
Provides an interface for classes to implement their own flush()
functionality. This function gets called early in a request on
all implementations of Flushable when flush=1|all is requested in the
URL.

This fix came out of an issue where Requirements combined files were not
being cleaned up after dev/build?flush=1, due to the fact that flush
would only occur when you called it while on a page that used those
combined files, but not in any other contexts. This will now call flush
on any implementors of Flushable regardless of the context of where
flush was called.
2014-08-22 09:24:27 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Will Morgan
807755f002 FIX TemplateManifest prevent cache collision 2014-07-28 08:52:11 +12:00
Simon Welsh
c14d58f585 Merge branch '3.1'
Conflicts:
	.travis.yml
	model/ManyManyList.php
	model/fieldtypes/DBField.php
2014-07-16 21:24:02 +10:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
c26df0b3c6 Revert "BUG Config::merge_array_low_into_high() ignores falsey values" 2014-07-09 09:57:25 +12:00
Sean Harvey
16e546300f BUG Config::merge_array_low_into_high() ignores falsey values
Specific case: LeftAndMain::$session_keepalive_ping = true cannot be
set to false in config.yml for some cases because the value is ignored
when merge_array_low_into_high() is processing the config arrays.
2014-07-08 15:18:26 +12:00
Damian Mooyman
c30111eee3 Better encoding of javascript
Fixes #2988
2014-07-07 09:01:53 +12:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Damian Mooyman
ef03dfdd5b Merge remote-tracking branch 'origin/3.1' 2014-06-17 18:17:24 +12:00
Loz Calver
3d71a22a98 FIX: ClassManifest errors if files contain duplicate class names (fixes #3210) 2014-06-16 22:18:18 +01:00
Ingo Schommer
bb03f6ba2f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Damian Mooyman
ec578e5c8a Merge remote-tracking branch 'origin/3.1' 2014-05-12 11:32:22 +12:00
Ingo Schommer
a05d8113af Merge pull request #3103 from simonwelsh/configstatic_nextstring
Adds to nextString() method to ConfigStaticManifest
2014-05-09 16:08:19 +12:00