tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-01 05:39:10 +02:00
Code Issues Projects Releases Wiki Activity
22,706 Commits 30 Branches 526 Tags 158 MiB
badc17891c
Commit Graph

2051 Commits

Author SHA1 Message Date
Robbie Averill
8bd9f48669
Merge pull request #9501 from mattclegg/1588075087 
DOCS: Fix typos & grammer
 2020-04-28 09:42:03 -07:00
mattclegg
dbecdd52d2
DOCS: Add reference for undocumented TEMP_FOLDER 2020-04-28 17:51:25 +05:45
mattclegg
df8cb9e010
DOCS: Update filter to use correct class 2020-04-28 17:50:40 +05:45
mattclegg
76bc7524a7
DOCS: Fix typos & grammer 2020-04-28 17:50:39 +05:45
Thomas Portelange
b38c35fe90
Fixes warning if session is not active 
See issue https://github.com/silverstripe/silverstripe-framework/issues/9496
 2020-04-27 13:51:19 +02:00
Dan Hensby
28ba4f701a
Merge branch '4.5' into 4 2020-04-27 09:54:27 +01:00
Dan Hensby
13b4d60d4a
Merge branch '4.4' into 4.5 2020-04-27 09:53:42 +01:00
Dan Hensby
85b37999be
Merge branch '4.3' into 4.4 2020-04-27 09:52:52 +01:00
Dan Hensby
e328d6f0d9
Merge branch '4.2' into 4.3 2020-04-27 09:51:24 +01:00
Dan Hensby
33b0b6985a
Update file paths for autoloading compatibility 2020-04-25 10:28:28 +01:00
Dan Hensby
b9f8ab44ac
Rename DBBigint.php for composer autoloading compatability 2020-04-24 23:15:42 +01:00
Garion Herman
50484417da Merge branch '4.5' into 4 2020-04-23 23:11:46 +12:00
Daniel Hensby
42cee6f5fb
Merge pull request #9489 from mattclegg/1587548067 
DOCS: Fix typos
 2020-04-22 12:28:02 +01:00
Daniel Hensby
826d1fa4eb
Merge pull request #9491 from mattclegg/1587548119 
DOCS: Remove unnecessary `return`
 2020-04-22 12:22:15 +01:00
mattclegg
2f717a4d90
DOCS: Remove unnecessary return 2020-04-22 15:50:12 +05:45
mattclegg
d521a52a33
DOCS: Fix typos 2020-04-22 15:20:11 +05:45
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax 2020-04-20 18:58:09 +01:00
Garion Herman
9aba767e36
Merge pull request #9460 from chrometoasters/pulls/fix-9459-public-path 
Fix SS_BASE_URL logic when undefined and docroot without public folder
 2020-04-20 21:06:46 +12:00
Garion Herman
f94078d963
Merge pull request #9408 from chrometoasters/pulls/classes-with-extension 
Add ClassInfo method to get all classes with a given extension applied
 2020-04-20 20:11:01 +12:00
Loz Calver
e08bf1cdd9
Merge pull request #9461 from creative-commoners/pulls/4/remove-db-config-glob 
Cache results of _configure_database.php glob
 2020-04-20 08:45:48 +01:00
mattclegg
2169891651
BUGFIX: Ensure realpath returns a string for stripos 
[Deprecated] stripos(): Non-string needles will be interpreted as strings in the future. Use an explicit chr() call to preserve the current behavior
 2020-04-19 11:21:34 +05:45
Serge Latyntcev
cb36aab80c Merge branch '4.5' into 4 2020-04-15 14:49:19 +12:00
Maxime Rainville
7da77be5ce Merge branch '4.5' into 4 2020-04-15 08:22:27 +12:00
Daniel Hensby
03239f9dcc
Merge pull request #9454 from open-sausages/pulls/4/myisam 
NEW Allow InnoDB for FULLTEXT indexes
 2020-04-14 11:50:45 +01:00
mattclegg
60e670176a
DOCS: Correct spelling 2020-04-14 15:00:08 +05:45
mattclegg
5585f6633f
DOCS: Update typos 2020-04-14 15:00:08 +05:45
mattclegg
e968f5cb86
DOCS: Remove outdated TODO 2020-04-14 15:00:08 +05:45
Maxime Rainville
14bbaac1cb Merge tag '4.5.3' into 4.5 
Release 4.5.3
 2020-04-14 14:23:57 +12:00
Maxime Rainville
de8fd82c55 Merge branch '4.4' into 4.5 2020-04-14 14:18:18 +12:00
Maxime Rainville
1fe6255f9b Merge tag '4.4.6' into 4.4 
Release 4.4.6
 2020-04-14 14:13:59 +12:00
Serge Latyntcev
9779e42963 BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245 2020-04-13 19:43:53 +12:00
Serge Latyntcev
b269d87490 BUG Register new sub tasks to fix files affected by CVE-2020-9280 and CVE-2019-12245 2020-04-13 17:16:57 +12:00
Steve Boyd
75d31c2cd3 Cache glob results for _configure_database.php 2020-04-10 23:15:12 +12:00
Michal Kleiner
ab87bdc044
Fix SS_BASE_URL logic when undefined and docroot without public folder 2020-04-10 15:06:14 +12:00
Ingo Schommer
a50e15e5ee FIX Avoid VACUUM on test dbs in Postgres 
The Postgres implementation was always faulty,
but the database exception was swallowed until
See https://github.com/silverstripe/silverstripe-framework/pull/9456.

Now that the the exception is only swallowed the first time,
the second recurrence will cause failing test execution.

This is a bit of an awkward fix, but the indirection "through" DataObject doesn't allow for anything else without changing public API surface.
The logic goes from TempDatabase to DBSchemaManager, then through the closure into DataObject->requireTable(),
then back into DBSchemaManager->requireTable(). And updateschema() is subclassed in SQLite3, making it difficult to add more arguments.

VACUUM is described as:

> VACUUM reclaims storage occupied by dead tuples. In normal PostgreSQL operation, tuples that are deleted or obsoleted by an update are not physically removed from their table; they remain present until a VACUUM is done. Therefore it's necessary to do VACUUM periodically, especially on frequently-updated tables.

https://www.postgresql.org/docs/9.1/sql-vacuum.html

Since test databases are short-lived, there's no reason to delete dead tuples, they'll be garbage collected when either the transaction is rolled back, or the database is destroyed after the test run.
 2020-04-09 14:43:16 +12:00
Ingo Schommer
2c5deceeb4 FIX Filter out all FULLTEXT BOOLEAN chars 
The query might still work depending on where these chars are placed,
but it seems weird to only remove *some* of the valid chars here.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Note that the query runs both the actual boolean query with chars,
and then a separate relevance search without them.
 2020-04-09 10:32:45 +12:00
Ingo Schommer
0215fdd262 DOC Clarify sanitisation in searchEngine() under boolean mode 
This came up in https://github.com/silverstripe/silverstripe-cms/issues/1452, and wasn't fully addressed.
Either we allow boolean mode and all the constraints this brings around special character usage,
or we filter out those special characters, which makes boolean mode pointless.
You can't just pass arbitrary user input in a power-user function like this.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Context: This used to work for some examples like "foo>*" under MyISAM,
presumably because it had a more lenient parser. InnoDB rightfully complains about this now.
 2020-04-09 10:32:45 +12:00
Ingo Schommer
c6b698cb02 NEW Allow InnoDB for FULLTEXT indexes 
MyISAM used to be the only one to support it, now InnoDB has caught up.
Unless an engine is set specifically in create_table_options,
this will auto-convert existing MyISAM tables to InnoDb.

Fixes #9242
 2020-04-09 10:32:45 +12:00
Ingo Schommer
052c5cbc38 BUG Infinite loops in TempDatabase (fixes #8902) 
Ugly, but so is the original implementation that this works around (swallowing an exception to trigger functionality)
 2020-04-08 13:58:02 +12:00
Robbie Averill
f77f725355
Merge pull request #9447 from mattclegg/docs__GridFieldDetailForm_ItemRequest-httpError 
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest
 2020-04-02 13:05:49 -07:00
Robbie Averill
d3b19069b3
Apply suggestions from code review 
Add double quotes around object title
 2020-04-02 12:51:13 -07:00
Dan Hensby
d1075f29b8
Remove empty parameter as per feedback 2020-04-02 12:11:35 +01:00
Dan Hensby
9e0ed0a50a
Fix spaces around concatenation operator 2020-04-02 12:09:22 +01:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4 2020-04-01 19:23:47 +01:00
Loz Calver
39fab1974a
Merge pull request #9435 from unclecheese/pulls/4.5/wha-diff 
BUGFIX: Ensure diff arrays are one-dimensional
 2020-04-01 09:16:20 +01:00
Matt Clegg
e80f1b2b83
[DOCS] Member::logInAs is not a valid example 
Member::logInAs doesn't exist as a static function.

Additionally, `logInAs` does exist as a function in SapphireTest.php, so, should this be updated to also use `Member::actAs` for consistency?
 2020-03-31 18:20:21 +05:45
mattclegg
24bc80ed35
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest 2020-03-31 12:09:16 +05:45
Daniel Hensby
1fb574a5bd
NEW: Variadic URL parameter matches for url_handlers (#9438) 
* Add wildcard URL parameter matches for url_handlers

* Extra tests for wildcard parameters

* Add a PHP warning if more params appear after wildcard param
 2020-03-25 09:16:13 +13:00
Michal Kleiner
30c3b127c1 NEW Add ClassInfo method to get all classes with a given extension applied 2020-03-24 10:48:35 +13:00
Robbie Averill
5002f514b3
FIX Capitalisation fixes in welcome back message (#9439) 2020-03-23 15:54:30 +13:00
Aaron Carlino
7ad5f1bb14 BUGFIX: Ensure diff arrays are one-dimensional 2020-03-17 15:57:28 +13:00
Robbie Averill
b6512edec8
Merge pull request #9434 from mattclegg/bugfix--silverstripe-admin--requirements 
[BUGFIX] silverstripe/admin is not required to be installed
 2020-03-16 09:48:39 -07:00
mattclegg
06dab6b539
[BUGFIX] silverstripe/admin is not required to be installed 
If the silverstripe/admin module is not installed then the javascript/css requirements fail to load
 2020-03-16 18:54:01 +05:45
Garion Herman
88660e6435
Merge pull request #9426 from creative-commoners/pulls/4.5/change-atomic-job-title 
DOC Update atomic MigrationTask description
 2020-03-16 15:19:33 +13:00
Ramon Lapenta
9c7eac481e Add "option" to list elements that belong to "listbox" 
The accessibility attribute `role="listbox"` requires its immediate children to be set as `role="option"`, currently they don't have this option and accessibility tests are failing.
 2020-03-10 11:10:04 -06:00
Steve Boyd
667495eaf9 Merge branch '4.5' into 4 2020-03-06 10:53:28 +13:00
Steve Boyd
687435a2f1 Merge branch '4.4' into 4.5 2020-03-06 10:52:22 +13:00
Steve Boyd
6d6cc65927 Update description 2020-03-06 09:57:31 +13:00
UndefinedOffset
bba0f2f72f
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)" instead of the value 2020-02-24 09:59:00 -04:00
Maxime Rainville
affd43052a Merge branch '4.5' into 4 2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325 
CVE-2019-1935
 2020-02-17 12:54:40 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes 
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
 2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root 
Use '/' as an alternative designation for root in routing
 2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method (#8987) 
* API TestSession request methods now use the correct HTTP method

* DOCS Update requests section in Functional Testing to reflect API change
 2020-02-14 16:01:06 +13:00
Garion Herman
9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55 Merge branch '4.5' into 4 2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
mnuguid
ca36a47bb1 FIX Update ORM DBField types to use Injector in scaffoldFormField() 
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
 2020-02-04 21:43:47 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Mojmir Fendek
9c38c5f625 CMS action related extension points (#9340) 
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
 2020-01-27 15:09:15 +13:00
Maxime Rainville
6ff0f3f466 BUG The "Link existing" should be disabled rather than readonly. 2020-01-24 14:47:12 +13:00
Robbie Averill
4121099484 Merge branch '4.5' into 4 2020-01-16 20:00:02 -08:00
Robbie Averill
53fcd47dfc Merge branch '4.4' into 4.5 2020-01-16 19:59:42 -08:00
Robbie Averill
26e3b6f4e3 Merge branch '4.3' into 4.4 2020-01-16 19:59:24 -08:00
Mojmir Fendek
acbbf80d14 CMS action related extension points (#9340) 
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
 2020-01-15 14:24:49 +13:00
Robbie Averill
38d7bd700d
Merge pull request #9373 from manja/4.5 
Fixed issue with merging existing entities in text collector
 2020-01-14 09:27:35 -08:00
Martin D
ec6a353543 array_key_exists() on objects is deprecated 
Ref: https://wiki.php.net/rfc/deprecations_php_7_4#array_key_exists_with_objects
 2020-01-14 09:22:49 -08:00
Nemanja Karadzic
18f0829053 Fixed issue with merging existing entities in text collector 2020-01-14 14:20:40 +01:00
Garion Herman
af90d17e19
Merge pull request #9359 from open-sausages/pulls/4.4/dbhtmlvarchar-scafolding 
BUG Remove bad default when scaffolding form field for DBHTMLVarchar
 2020-01-07 09:33:25 +13:00
Maxime Rainville
31a8c16c43
Remove default row size 2020-01-07 09:13:03 +13:00
Loz Calver
a42249b6fc Minor performance improvement in DatabaseAdapterRegistry::autoconfigure() 2019-12-19 14:39:46 +00:00
Serge Latyntcev
eaf6bca706 Merge branch '4.5' into 4 2019-12-19 11:26:38 +13:00
Maxime Rainville
8d69cf9f75 BUG Remove bad default when scaffolding form field for DBHTMLVarchar 2019-12-18 17:32:02 +13:00
Andre Kiste
6650d81324 BUG Fix extra blank Group being created when creating a new Group (#9325) 
* Fix extra blank Group being created when creating a new Group

* Update tests to reflect expected behavior

* Improved tests
 2019-11-27 09:32:33 +13:00
shoosah
2724d93111 Allow to add error message into a specific field 2019-11-22 11:03:27 +13:00
Loz Calver
453945da14 FIX: Session::restart() didn't correctly restart session (fixes #9259) 2019-11-20 14:21:30 +00:00
Serge Latyntcev
f67e15b8ee Merge branch '4.5' into 4 2019-11-20 11:12:49 +13:00
Serge Latyntcev
91e4aa90f1 Merge branch '4.4' into 4.5 2019-11-20 11:09:23 +13:00
Serge Latyntcev
8219491705 Merge branch '4.3' into 4.4 2019-11-20 11:08:35 +13:00
Robbie Averill
77ccadd663
Merge pull request #9300 from LABCAT/patch-1 
Improvement to docs for send_file function
 2019-11-14 09:08:16 -08:00
Serge Latyntcev
559f660e0e Merge branch '4.4' into 4 2019-11-13 15:40:34 +13:00
Mojmir Fendek
e2bea6b41f API Add withConfig method (#9011) 
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
 2019-10-31 16:12:04 +13:00
Michal Kleiner
4f614423ad Ensure Requirements_Backend respects explicit false for async/defer 2019-10-30 09:59:57 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false 2019-10-29 17:21:45 +13:00
LABCAT
501d9a1480
Update HTTPRequest.php 2019-10-23 22:52:53 +13:00
LABCAT
630c6c0514
Update src/Control/HTTPRequest.php 
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
 2019-10-23 21:05:22 +13:00
Garion Herman
17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui 
NEW: Add support for Tip UI in TextField
 2019-10-23 16:50:43 +13:00
Garion Herman
bed3f2b3c6 NEW Add type declarations to Tip API, add TippableFieldInterface 2019-10-23 10:46:22 +13:00
Garion Herman
195417b061 NEW Extract Tip from TextField, add test coverage 2019-10-22 17:04:58 +13:00
LABCAT
d3a17958ef
Update src/Control/HTTPRequest.php 
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
 2019-10-22 16:17:04 +13:00
LABCAT
67c944c962
Improvement to docs for send_file function 2019-10-22 15:18:03 +13:00
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth 
DOCS Clarify BasicAuth limitations
 2019-10-22 14:01:51 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. (#9276) 
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
 2019-10-22 11:50:28 +13:00
Serge Latyntcev
33a28394d6 Merge branch '4.4' into 4 2019-10-18 15:59:28 +13:00
Serge Latyntcev
0cf5d4cbe2 Merge branch '4.3' into 4.4 2019-10-18 15:58:13 +13:00
Serge Latyntcev
46b9530d88 PSR2 linting fixes 2019-10-18 15:31:39 +13:00
Serge Latyntcev
7873efde9c Merge branch '4.4' into 4 2019-10-18 10:58:19 +13:00
Serge Latyntcev
dcbe6d0310 Merge branch '4.3' into 4.4 2019-10-18 10:57:35 +13:00
Garion Herman
efc7ba9520 NEW Tweak TextField Tip API to match changes to component 2019-10-11 15:04:56 +13:00
Ingo Schommer
8dcda91538 DOCS Clarify BasicAuth limitations 2019-10-10 10:41:39 +13:00
Garion Herman
a44bc5bcf3 NEW Add support for Tip UI in TextField 
See TextField documentation in silverstripe/admin Pattern Library
 2019-10-09 16:26:06 +13:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner 2019-10-04 13:26:31 +13:00
Damian Mooyman
f1594fd991 BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton 2019-10-04 11:24:34 +13:00
Robbie Averill
4d5d7a34a1 NEW Add FilterInterface and retrofit into URLSegmentFilter 
There are other filters in the core SilverStripe product, e.g. FileNameFilter in silverstripe/assets
which would benefit from having a common filter interface. This retrofits one for URLSegmentFilter
in framework. I have not added any PHP 7 syntax in method signatures to avoid breaking backwards
compatibility.
 2019-10-04 10:51:24 +13:00
Robbie Averill
1265f09f4f
Merge pull request #9271 from michalkleiner/pulls/4/check-array-props-in-custom-methods 
FIX Check array keys existence when removing methods in CustomMethods
 2019-10-03 14:30:22 -07:00
Serge Latyntcev
7db524bd90 FIX DebugViewFrendlyErrorFormatter handle of admin_email 2019-10-04 10:26:54 +13:00
Robbie Averill
e49cec3a00
Merge pull request #9247 from jakxnz/pulls/4/record-login-attempt-outputs 
ENHANCEMENT: MemberAuthenticator::recordLoginAttempt() outputs
 2019-10-03 10:46:34 -07:00
Dylan Wagstaff
047ac060c4
Merge pull request #9265 from emteknetnz/feature/noopener 
Add noopener attribute to links with a target
 2019-10-03 14:42:50 +13:00
Steve Boyd
887f198b07 Add rel attribute to link elements with a target attribute 2019-10-03 14:03:12 +13:00
Damian Mooyman
58c080db5a FEATURE Option placeholder for upload folder id (#9262) 
* FEATURE Option placeholder for upload folder id

* ENHANCEMENT Add setFolderName() to TinyMCEConfig

* Typehint return type

* Add type to param
 2019-09-30 10:50:55 +13:00
Michal Kleiner
1a2dbfd3a5
Update conditional logic when checking array keys before removing methods in CustomMethods 2019-09-30 10:17:59 +13:00
Michal Kleiner
52a039f631 Check array keys existence prior to their usage when removing methods in CustomMethods 2019-09-27 14:57:15 +12:00
JorisDebonnet
349589b23b
Clarify that $title in FormField can accept ViewableData 
When constructing a FormField, an IDE would previously tell you the `$title` needs to be string (or null). Let's make it more clear that a ViewableData instance (such as `HTMLValue::create($title)`) is also accepted. This should help people more quickly find a solution to put html in labels.
 2019-09-26 02:39:39 +02:00
Sam Minnée
af6644f762
Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support 
NEW Introduce supported database transaction mode check
 2019-09-25 10:02:53 +12:00
Serge Latyntcev
88fde6e7c3 Merge branch '4.4' into 4 2019-09-24 17:29:06 +12:00
Serge Latyntcev
50a1aa4c4d Merge branch '4.3' into 4.4 2019-09-24 17:28:31 +12:00
Aaron Carlino
b002ef1171 Merge branch '4.4' into 4 2019-09-24 17:26:50 +12:00
Serge Latyntcev
8b7063a8e2 [CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution 2019-09-24 16:03:48 +12:00
Serge Latyntcev
eccfa9b10d [CVE-2019-12203] Session fixation in "change password" form 
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
 2019-09-24 16:03:48 +12:00
Serge Latyntcev
5af205993d [CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution 2019-09-24 16:00:51 +12:00
Serge Latyntcev
569237c0f4 [CVE-2019-12203] Session fixation in "change password" form 
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
 2019-09-24 16:00:51 +12:00
Jackson Darlow
a033662a3a MemberAuthenticator::recordLoginAttempt() outputs 2019-09-24 14:24:59 +12:00
Garion Herman
0d27f32cc9 FIX Add 'legal empty attributes' to allow empty alt values on imgs 
In some situations, a caption is used in place of a value in the alt
attribute, and in others an image may be cosmetic and not in need of an
alt attribute value (though the alt attribute must still be rendered in
this case).
 2019-09-24 11:44:12 +12:00
Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission 
Fix administrators not being able to see files that are restricted to groups
 2019-09-23 11:13:26 -07:00
Guy Marriott
aa7c057422
FIX: Don't force-add view button to readonly GridField (fixes #… (#9254) 
FIX: Don't force-add view button to readonly GridField (fixes #9249)
 2019-09-23 10:31:25 -07:00
Loz Calver
efdb9cc718 FIX: run member CMS validator when editing via groups (fixes #9184) 2019-09-23 16:59:58 +01:00
Loz Calver
d85ff3bc44 FIX: Don't force-add view button to readonly GridField (fixes #9249) 2019-09-23 16:52:47 +01:00
bergice
6a1c6ecec6 Fix administrators not being able to see files that are restricted to groups 
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
 2019-09-23 16:44:28 +12:00
Guy Marriott
6ff97821ed Merge branch '4.4' into 4 2019-09-18 15:52:36 -07:00
Guy Marriott
7877ffcc85 Merge branch '4.3' into 4.4 2019-09-18 15:52:18 -07:00
Hayden Shaw
daf9d55ecb Allow non summary fields to be used as export fields 
Fixes regression in 3d989a6eae.
 2019-09-19 10:00:54 +12:00
Michal Kleiner
bcbf90a837 NEW Introduce supported database transaction mode check 2019-09-16 14:44:15 +12:00
Robbie Averill
aa6b244db9 Merge branch '4.4' into 4 2019-09-13 18:11:46 -07:00
Robbie Averill
592ab6abc1 Merge branch '4.3' into 4.4 2019-09-13 18:11:34 -07:00
Robbie Averill
066ce8e01c Merge branch '4.2' into 4.3 
# Conflicts:
 #	src/View/ThemeResourceLoader.php
 2019-09-13 18:10:37 -07:00
Robbie Averill
cfe86ad5a1
Merge pull request #9153 from creative-commoners/pulls/4.4/stream-ree-tags 
FIX Skip md5-ing the whole contents of a stream for etags
 2019-09-13 17:59:26 -07:00
Robbie Averill
9a76d4adb4
Merge pull request #9181 from kinglozzer/8762-shortcode-templates 
NEW: Use templates to render embed shortcodes (closes #8762)
 2019-09-13 17:58:32 -07:00
Serge Latyntsev
233e0e7aa0 ENH PasswordExpirationMiddleware implementation (#9207) 2019-09-12 14:34:06 +12:00
Aaron Carlino
da6582f593 NEW: Remove web installer, move to separate package (#9231) 
* Remove installer

* Remove exposed install files

* Replace Dev/Install classes still in use

* Update changelog

* FIX make the grid field actions consistent to what they look like on pages

Resolves https://github.com/silverstripe/silverstripe-admin/issues/904

* Docs changes
 2019-09-11 13:10:25 +12:00
Maxime Rainville
591b88a9bc BUG Allow infinite loop when calling DataObject::writeComponent() recursively 2019-09-10 14:15:28 +12:00
Robbie Averill
e8c2f963fd FIX Member::getLastName() now correctly returns the Member surname 2019-09-06 12:12:27 -07:00
Robbie Averill
41a766d135
Merge pull request #9085 from kinglozzer/9084-path-join-exception 
Catch Path::join() exceptions in findTemplate() (fixes #9084)
 2019-09-06 12:00:39 -07:00
Robbie Averill
42dd02ef78
Merge pull request #9122 from aNickzz/4 
Add onBeforeRenderHolder extension point for FormField
 2019-09-06 11:53:10 -07:00
Hels666
22a6a5b1e3 NEW Add getLastName() method to Member.php (#9222) 
* Add getLastName() method to Member.php

Add getLastName() method to Silverstripe\Security\Member.php to allow use of $LastName instead of $Surname in templates as it is a common mistake made

this is for issue #9219
as discussed in Slack on 04-Sep-2019

* Minor doc block clean-up

* Update src/Security/Member.php - typo fix

Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
 2019-09-06 20:31:22 +12:00
Maxime Rainville
dd40d53e6b Merge branch '4.4' into 4 2019-09-04 09:46:33 +12:00
Maxime Rainville
24015c7767 Merge branch '4.3' into 4.4 2019-09-04 09:42:09 +12:00
Robbie Averill
aec5051a24
Merge pull request #9206 from creative-commoners/pulls/4.3/strip-bom-on-csv-import 
FIX Byte Order Marks (BOM) are now stripped when importing CSV files
 2019-09-03 09:55:38 -07:00
Damian Mooyman
6759af3767
Escape strings a bit safer for doc generation 2019-09-03 19:38:19 +12:00
Damian Mooyman
f649657182
Clarify Director::absoluteURL behaviour 
Fixes #9111
 2019-09-03 19:34:16 +12:00
Robbie Averill
ef49dcf726
Merge pull request #9164 from sminnee/fix-9162 
FIX: Write relations when saving in grid-field item edit form
 2019-09-01 20:44:13 -07:00
Maxime Rainville
a2a202c016
Merge pull request #9200 from open-sausages/pulls/4.4.3/consistent-actions 
FIX make the grid field actions consistent to what they look like on pages
 2019-09-02 14:07:22 +12:00
bergice
2f8d847a10 FIX make the grid field actions consistent to what they look like on pages 
Resolves https://github.com/silverstripe/silverstripe-admin/issues/904
 2019-09-02 12:22:32 +12:00
Robbie Averill
0b991cc039
Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group 
Bug : Add html_entity_decode to group parents
 2019-08-30 09:51:52 +12:00
Dileep Ratnayake
fe4eb5dd2a
Update src/Security/Group.php 
Co-Authored-By: Maxime Rainville <maxime@rainville.me>
 2019-08-29 15:44:41 +12:00
Robbie Averill
77ba8391c4 FIX Byte Order Marks (BOM) are now stripped when importing CSV files 2019-08-29 14:54:57 +12:00
Maxime Rainville
73f43c6f42 BUG Remove placeholder text on new group form 2019-08-28 17:14:19 +12:00
Dileep Ratnayake
9b7075ed5d
Update Group.php 2019-08-27 16:22:00 +12:00
Dileep Ratnayake
a976a1688b
Update Group.php 
move to private method
 2019-08-27 16:21:08 +12:00
Dileep Ratnayake
40e5c4ec59
Update Group.php 
use of convert::raw2xml, rename $grp to $group
 2019-08-27 16:19:40 +12:00
Dileep Ratnayake
4f8240bd48
Update src/Security/Group.php 
Co-Authored-By: Andre Kiste <bergice@users.noreply.github.com>
 2019-08-27 12:19:03 +12:00
Will Rossiter
d2a07b1047
FIX Remove error when exporting a column that is not displayed in a GridField 2019-08-27 11:54:31 +12:00
Dileep Ratnayake
f7a602137a
add html_entity_decode to breadcrumbs 2019-08-27 11:49:17 +12:00
Loz Calver
759601741d NEW: Use templates to render embed shortcodes (closes #8762) 2019-08-21 09:32:16 +01:00
Robbie Averill
a5d6b998fc Merge branch '4.4' into 4 2019-08-16 16:40:39 +12:00
Robbie Averill
bae7e32680 FIX Member::changePassword() no longer applies password validation rules to the hashed value 2019-08-16 09:06:07 +12:00
Robbie Averill
45f86658ca Merge branch '4.4' into 4 2019-08-14 09:31:05 +12:00
Robbie Averill
4b44272367 Merge branch '4.3' into 4.4 2019-08-14 09:30:53 +12:00
Robbie Averill
d63e4b520c Merge branch '4.2' into 4.3 2019-08-14 09:30:41 +12:00
Nicholas Sorokin
4a32b3418a Add onBeforeRenderHolder extension point for FormField 2019-08-09 14:43:14 +09:30
Guy Marriott
3d989a6eae
FIX Use content generated by DataColumns component for print and csv export 2019-08-09 15:04:38 +12:00
Guy Marriott
f3132c89d7
Merge pull request #9170 from open-sausages/pulls/4/add-option-to-disable-user-agent-session-check 
API Add option to disable user-agent header session validation
 2019-08-08 11:47:07 +12:00
Aaron Carlino
b3093b7a1a BUGFIX: Allow state to be shared across nested GridFields 2019-08-07 23:09:51 +12:00
Maxime Rainville
4380d7d155 API Add option to disable user-agent header session validation 2019-08-06 22:00:01 +12:00
Robbie Averill
4268db069d
Merge pull request #9165 from sminnee/fix-multiline-gridfield 
FIX: Allow multi-line content in grid field cells
 2019-08-05 09:59:22 +12:00
Sam Minnee
6ec02da577 FIX: Allow multi-line content in grid field cells 
It’s amazing that this but has been present for 7 years, but there you
go!
 2019-08-02 17:46:56 +12:00
Sam Minnee
d088354f46 FIX: Write relations when saving in grid-field item edit form 
Fixes https://github.com/silverstripe/silverstripe-framework/issues/9162
 2019-08-02 16:17:42 +12:00
Robbie Averill
0672f8b76b NEW HTTPRequest now has hasSession() to determine whether a session exists for it 2019-08-02 11:29:23 +12:00
Robbie Averill
3224c9971b Merge branch '4.4' into 4 2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688 Merge branch '4.3' into 4.4 2019-08-02 11:24:45 +12:00
Will Rossiter
82cc8b40a4 Create SearchContext via Injector (#9156) 2019-08-01 14:39:58 +12:00
Guy Marriott
0abfed3e06
FIX Skip md5-ing the whole contents of a stream for etags 2019-07-30 08:25:03 +12:00
Robbie Averill
5c794dfcdd FIX Prevent setting session value when no session exists yet 2019-07-29 17:16:01 +02:00
UndefinedOffset
40cd66852e BUGFIX: Fixed issue where multiple relationship sort order columns would be lost in favor of only the last relationship column in the sort order 2019-07-26 11:54:10 -03:00
Robbie Averill
89eb6c88b2 FIX Do not try and load fixtures from directories, fixes PHP 7.4 build errors 2019-07-26 10:13:47 +02:00
Robbie Averill
d1c927ff23 FIX Remove curly brace access to string offsets, deprecated in PHP 7.4 2019-07-24 12:17:49 +02:00
Chee Wai
cb91f5fa06 NEW Added SRI support for Requirements::css, Requirements::javascript (#9139) 2019-07-21 09:51:22 +02:00
Robbie Averill
79fa61edf8 FIX Type safety on nullable argument, fixes PHP 7.4 test 2019-07-19 12:05:27 +02:00
Robbie Averill
2a1394bed7 Merge branch '4.4' into 4 2019-07-19 10:46:00 +02:00
Robbie Averill
40f06fafa9 Merge branch '4.3' into 4.4 2019-07-19 10:45:44 +02:00
Robbie Averill
c7b15eaef5 Merge branch '4.2' into 4.3 2019-07-19 10:45:29 +02:00
Simon Gow
22b514c421 #9114 - DBText::ContextSummary() cuts line breaks 
ContextSummary() was cutting the HTML which was added by nl2br because
it expected plain text elements as it's stripping and replacing text.
Instead this fix changes the behaviour to apply the nl2br after the text
changes have been made. That way we can't cut anything in the middle of
a HTML tag, but new lines, or paragraphs are replaced by BRs after,
should they exist.

- Added tests to ensure text is not cut in the middle of a sentence.
- Added test to ensure that <br>'s are added in the correct place should
the summary span between new lines.
 2019-07-19 12:43:20 +12:00
Serge Latyntcev
29a663c65d Merge branch '4.4' into 4 2019-07-15 09:24:49 +12:00
Serge Latyntcev
d667d64f13 Merge branch '4.3' into 4.4 2019-07-15 09:18:17 +12:00
Guy Marriott
ec66d366d2
NEW: Deprecated PDO in favour of native drivers (#9052) 
NEW: Deprecated PDO in favour of native drivers
 2019-07-08 12:41:13 +12:00
Serge Latyntsev
7ef13e7ef6 FIX Confirmation components to respect SS_BASE_URL (#9074) 2019-07-05 16:05:41 +12:00
Robbie Averill
844d2ef134 NEW DBDate and DBDatetime now support modify() with a strtotime() style adjustment string (#9105) 2019-07-05 15:57:23 +12:00
Sam Minnee
404366909e FIX: Fix MysqlStatement::rewind() 
Its implementation is more naive than Query’s and leads to unnecessary
seek()ing. This causes issues with the previous commit.
 2019-07-03 14:28:31 +12:00
Sam Minnee
96e7914f23 FIX: Fix MySQLQuery::seek() and Query::rewind() to fix repeated iteration 
API: Query::seek() and Query::rewind() no longer return a value.

Although breaking an API inside a patch release may seem odd, this in
fact is correcting a long-standing bug in our implementation of 
Iterator::rewind(), so I think it’s appropriate.

https://github.com/silverstripe/silverstripe-framework/issues/9097
 2019-07-03 09:20:05 +12:00
UndefinedOffset
571a4d9ace NEW: Added support for config condition if PHP extension is loaded 2019-07-02 14:55:36 -03:00
Robbie Averill
ad050997fd
Merge pull request #9070 from kinglozzer/email-plaintext 
FIX: Email::render() generating object instead of string for plaintext part (fixes #9069)
 2019-07-02 18:47:18 +12:00
Robbie Averill
fd88003646
Merge pull request #9100 from creative-commoners/pulls/4.4/dataobject-scaffolding-freedom 
Allow extensions to modify form scaffolder in DataObject
 2019-07-02 18:46:39 +12:00
Guy Marriott
59ba9a717d
FIX Allow extensions to update form scaffolding on DataObjects 2019-06-28 16:11:16 +12:00
Guy Marriott
aeefb920e1
Allow displaying partial/full query message for debugging (#9020) 
Allow displaying partial/full query message for debugging
 2019-06-28 15:15:33 +12:00
Robbie Averill
c76d3a5db1 FIX Protect against undefined index when using nullifyEmpty option 2019-06-26 09:26:36 +12:00
Loz Calver
b1551a687d Catch Path::join() exceptions in findTemplate() (fixes #9084) 2019-06-21 09:40:18 +01:00
Saophalkun Ponlu
6a8c6703d1 Remove use_gzip from HTMLEditorField since it's been removed by TinyMCE codebase (#7261) 
* Remove `use_gzip` from HTMLEditorField

* DOCS Mention remove use_gzip in changelog
 2019-06-21 09:27:48 +12:00
Mario Sommereder
260c89fd54 Fix of delimiter not used bug 
See issue https://github.com/silverstripe/silverstripe-framework/issues/8881
 2019-06-20 11:11:27 +12:00
Guy Marriott
bb5b610636
Merge branch '4.4' into 4 2019-06-17 08:58:50 +12:00
3Dgoo
7e12bee86a
Requirements_Backend.php API documentation fix 
The API documentation for Requirements_Backend is currently broken:
https://api.silverstripe.org/4/SilverStripe/View/Requirements_Backend.html#method_customScript

This is because there are unescaped start tags in the function documentation. 

This is the same as the recent #9060 PR, but for the Requirements_Backend class this time.

This fix changes the tags to be escaped.
 2019-06-15 10:37:49 +09:30
Loz Calver
8e87264864 FIX: Email::render() generating object instead of string for plaintext part (fixes #9069) 2019-06-14 11:39:47 +01:00
3Dgoo
8dcfa53109
Requirements.php API documentation fix 
The API documentation for Requirements is currently broken:
https://api.silverstripe.org/4/SilverStripe/View/Requirements.html#method_customScript

This is because there are unescaped start tags in the function documentation. 

This fix changes the tags to be escaped.
 2019-06-13 09:21:12 +09:30
Sam Minnee
27ace03273 NEW: Deprecated PDO in favour of native drivers 
https://github.com/silverstripe/silverstripe-framework/issues/8598
 2019-06-11 16:17:30 +12:00
Aaron Carlino
d04e54c1be Merge branch '4.4' into 4 2019-06-10 17:33:30 +12:00
Aaron Carlino
c747b1f8d3 Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
Aaron Carlino
f766555d61 Merge branch '4.2' into 4.3 2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
Aaron Carlino
e2da7b0dc4 Merge branch '4.4' into 4 2019-06-10 16:37:16 +12:00
Sam Minnée
654156d46d FIX: Fix bug when confirmed password is changed but not the password. (#9012) 
In this case the confirmed password field is not reflected. It’s 
unclear how often this situation would arise outside of test scenarios,
but may come up if $form->loadDataFrom() is called more than once.

Fixes #2496 (it’s a minor issue but I think this is why Dan flagged it
as a regression). Originally introduced as part of Dan’s initial fix
at 2a6f1f1949.
 2019-06-10 15:48:29 +12:00
Robbie Averill
179a982f45
Merge pull request #9019 from rafaeldsousa/pull/include-cancreate-check-gridfield-rightgroupfield 
Including canCreate in if statement so that button gets removed if us…
 2019-06-10 09:59:45 +12:00
Maxime Rainville
761f7d15ce
Merge pull request #9045 from open-sausages/pulls/4.4/in-memory-cache-opt-out 
Opt-out of in-memory caching factory
 2019-06-07 12:40:46 +12:00
Ingo Schommer
8324235eda API Opt-out of in-memory caching factory 
In-memory caches are typically more resource constrained (number of items and storage space).
Give cache consumers an opt-out if they are expecting to create large caches with long lifetimes.
Use case: https://github.com/silverstripe/silverstripe-assets/pull/282
 2019-06-07 12:21:10 +12:00
Andre Kiste
1da181a3b3
Merge pull request #9022 from open-sausages/pulls/4.4/migrate-task-colours 
NEW Clearer file migration output with colours
 2019-06-06 15:46:28 +12:00
Ingo Schommer
f4cdfb06c8 Update environment timeouts 
See https://github.com/silverstripe/silverstripe-framework/issues/9029
 2019-06-06 15:18:12 +12:00
Robbie Averill
e8fa3d8750 DOCS Fix incorrect deprecation reference in MonologErrorHandler 2019-06-06 09:30:50 +12:00
Ingo Schommer
b21e5d9e57 Moved time limit increases from individual job 
Should apply to all file migration subtasks, not just the first one (see silverstripe/assets)
 2019-06-05 15:10:46 +12:00
Ingo Schommer
2d4711de01 Fixed logging 
Broke loggers attached by queuedjobs because it wasn't using the global service.
Since the stderr handler was set to bubble=false, those messages weren't picked up by queuedjobs.
Removed preformatted handler since there's no longer an ability to run this stuff via web
 2019-06-05 15:09:58 +12:00
Ingo Schommer
7301b375b8 NEW Clearer file migration output with colours 2019-06-05 11:41:06 +12:00
Jarkko Linnanvirta
9184056b5e URLSegmentFilter: Remove : characters from url segments when multibyte characters are allowed. 2019-06-02 11:43:51 +03:00
Guy Marriott
0520d77461
API checkHistoricalPasswords(), characterStrength() and minLength() are now correctly deprecated from 4.5.0 onwards (#9008) 
API checkHistoricalPasswords(), characterStrength() and minLength() are now correctly deprecated from 4.5.0 onwards
 2019-05-31 09:56:39 +12:00
Robbie Averill
6678f92681
Merge pull request #9025 from taoceanz/4 
Removed unused use BadMethodCallException statement.
 2019-05-30 09:38:47 +12:00
Robbie Averill
00fd74a0a1 Merge branch '4.4' into 4 
# Conflicts:
 #	src/Dev/Tasks/MigrateFileTask.php
 2019-05-30 09:36:42 +12:00
Robbie Averill
14673ffd0a Merge branch '4.3' into 4.4 2019-05-30 09:35:26 +12:00
Robbie Averill
188698dcee Merge branch '4.2' into 4.3 2019-05-30 09:35:17 +12:00
Robbie Averill
7f69cc8f94 Merge branch '4.1' into 4.2 2019-05-30 09:35:06 +12:00
Robbie Averill
02864aba3f Merge branch '4.0' into 4.1 2019-05-30 09:34:55 +12:00
Robbie Averill
3e2fc6aa0b Automated phpcbf linting 2019-05-30 09:34:34 +12:00
Robbie Averill
a1f0d7a3bf
Merge pull request #9016 from sminnee/partial-fix-4622 
FIX: Better message when form action handler not found.
 2019-05-30 09:22:54 +12:00
Thomas Ocean
e30483a7dc Removed unused use BadMethodCallException statement. 2019-05-30 09:08:33 +12:00
shoosah
80e4886c3f Add getter and change visibility for whitelist_array property 2019-05-28 14:15:12 +12:00
Rafael Marins de Sousa
f7c1be7ac1 Including canCreate in if statement so that button gets removed if user isn't to be able to create new records 2019-05-28 12:28:00 +12:00
shoosah
d740998463 Improve displayQuery and benchmarkQuery functions and whitelist_array variable 2019-05-28 12:00:05 +12:00
shoosah
d684c69f09 Allow displaying partial/full query message for debugging 2019-05-28 12:00:05 +12:00
Andre Kiste
2c8c643ce3 MigrateFileTask now outputs "Done" when it has finished running (#8995) 2019-05-28 09:45:13 +12:00
Maxime Rainville
4f39e59aff BUG Enable file hash caching when running the file migration task (#8993) 2019-05-28 09:37:45 +12:00
Maxime Rainville
5b6d0946f4 API Add extension points to MigrateFileTask (#8994) 
* API Add extension points to MigrateFileTask

* Apply suggestions from code review

Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
 2019-05-28 09:24:01 +12:00
Maxime Rainville
7ef604807c BUG Enable file hash caching when running the file migration task (#8993) 2019-05-28 09:21:11 +12:00
Maxime Rainville
9bfce8c1a4 API Add extension points to MigrateFileTask (#8994) 
* API Add extension points to MigrateFileTask

* Apply suggestions from code review

Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
 2019-05-28 09:19:05 +12:00
Sam Minnee
7407096e99 FIX: List default items in the readonly view of ListboxField 
Adds tests for non-readonly default items too.

Fixes #4142
 2019-05-27 17:47:09 +12:00
Sam Minnee
983d36b7ee FIX: Better message when form action handler not found. 
Fixes #4622 to some extent, although this fix will be most useful when
https://github.com/silverstripe/silverstripe-errorpage/issues/30 is
addressed also.
 2019-05-27 15:00:10 +12:00
Robbie Averill
d873779956 API checkHistoricalPasswords(), characterStrength() and minLength() are now correctly deprecated from 4.5.0 onwards 2019-05-27 09:12:32 +12:00
Dylan Wagstaff
25aa3af032 FIX HeaderField requires the optional Title field 
FormField marks the Title constructor argument as optional, and DatalessField does not override the __construct method. HeaderField on the other hand goes against the grain of FormFields as a whole and requires the Title field, seemingly for no good reason (at least, not that the commit message for a68ba38478 indicates) - this seems like an accidental ommision. This commit looks to reinstate the optionality of this constructor argument for consistency's sake.

Plus it broke a module I was investigating.
 2019-05-24 13:44:01 +12:00
Robbie Averill
32c04ce765
Merge pull request #8979 from silverstripe-terraformers/feature/add-extension-for-schema-validation 
Add extend function in getSchemaValidation function
 2019-05-16 11:22:45 +12:00
Guy Marriott
350888bf50 NEW Adding a shuffle method to ArrayList (#8984) 
* NEW Adding a shuffle method to ArrayList

* API Add shuffle to DataList for ArrayList parity
 2019-05-16 09:26:11 +12:00
Aaron Carlino
3f1479edbb
BUGFIX: DataQuery overwriting _SortColumn selects (#8974) 
* BUGFIX: DataQuery overwriting _SortColumn selects

* FIX DataQuery _SortColumn handling
 2019-05-15 11:42:10 +12:00
shoosah
4da8be3bf5 Add extend function in getSchemaValidation function 
This allows to create extensions which add validation list
 2019-05-14 09:47:14 +12:00
Aaron Carlino
dfa90715f7 Merge branch '4.4' into 4 2019-05-13 16:08:05 +12:00
Guy Marriott
abaeeb9432
Merge branch '4.3' into 4.4 2019-05-13 15:56:41 +12:00
Guy Marriott
53cb804929
Merge branch '4.2' into 4.3 2019-05-13 15:56:23 +12:00
matt-in-a-hat
db0e6f7104 Fix password validation min length message 
When relying on static config instead of an explicitly set minLength then this message would show without the value, like "it must be  or more characters long".
 2019-05-13 13:43:29 +12:00
aNickzz
28be2b2263
Swap argument order for implode 
I noticed this squiggly red line while perusing the code.

The PHP doc says
`implode ( string $glue , array $pieces ) : string`
> implode() can, for historical reasons, accept its parameters in either order. For consistency with explode(), however, it may be less confusing to use the documented order of arguments.
 2019-05-11 00:32:23 +09:30
Aaron Carlino
2bdf1eac0a Merge branch '4.4' into 4 2019-05-06 16:03:35 +12:00
Guy Marriott
856e841955 FIX Ensuring pagination buttons have a consistent state to work off of (#8957) 2019-05-06 14:42:25 +12:00
Guy Marriott
371588e8b1
Merge pull request #8961 from indygriffiths/patch-1 
NEW Only get an authenticator if it's an object
 2019-05-06 14:27:18 +12:00
Maxime Rainville
8ee50d2ba7 API Remove DataObjectSchema::getFieldMap() (#8960) 
Introduced as a less public API in https://github.com/silverstripe/silverstripe-assets/pull/227
 2019-05-06 12:33:23 +12:00
Indy Griffiths
5dc57518c2
NEW Filter out authenticators that are falsy 
Use-case: if a module is defining its own authenticator and you want to disable it, as it seems we don't have `unregister_authenticator()` anymore and I can't spot how to remove YAML-based injected properties, then this lets you mark it as null or false to prevent it from erroring out when it attempts to call `supportedServices()`
 2019-05-04 20:58:48 +12:00
Robbie Averill
5337e6d048 API Replace FormActions with anchors to enable panel-based loading in GridField navigation buttons (#8953) 
* FIX Add accessibility labels and titles to previous, next, and add new buttons in GridFields

* API Replace FormActions with anchors to enable panel-based loading in GridField navigation buttons

* FIX Previous and Next links are now correctly disabled when end of lists are reached

* Add English translations
 2019-05-03 15:03:59 +12:00
Guy Marriott
82c8225502
Merge branch '4.3' into 4.4 2019-05-03 09:45:25 +12:00
Ingo Schommer
1f78e8ae80 NEW Clean up secureassets module artefacts (#8948) 
See https://github.com/silverstripe/silverstripe-assets/issues/231
 2019-05-02 21:05:19 +12:00
Andre Kiste
48db515fbd NEW Fix folder permissions (#8950) 
* Add `FixFilePermissionsHelper` subtask
* Changed name to folder permissions, added more loggin
 2019-05-02 16:28:57 +12:00
Serge Latyntcev
3d777cfb8a Backward compatible behaviour for SQLConditionalExpression::getJoins 2019-05-02 15:39:36 +12:00
Ingo Schommer
0696045e59 NEW Legacy thumbnail migration task (#8924) 
* NEW Legacy thumbnail migration task

See https://github.com/silverstripe/silverstripe-assets/issues/235
Makes a start at https://github.com/silverstripe/silverstripe-assets/issues/219 as well

* API Removed migrate_legacy_file support

For the vast majority of sites, you really don't want to run your file migration as part of dev build.
The step is involved enough to warrant it's own task.
I don't think this is an API change, since the setting won't have affect
for anyone who has already enabled it - they would've already done the one-off migration.

See https://github.com/silverstripeltd/open-sourcerers/issues/91
and https://github.com/silverstripe/silverstripe-assets/issues/235
 2019-05-02 09:33:53 +12:00
Guy Marriott
ecfe039e72
FIX Don't add "better buttons" previous and next without a paginator 2019-05-01 15:48:03 +12:00
Andre Kiste
0c6c57f1ef Add getFieldMap method to retrieve a list of all fields for any giv… (#8892) 
* Add `getFieldMap` method to retrieve a list of all fields for any given class

* Add `TagsToShortcodeTask` to upgrading guide

Adding after the file migration part as this is where it makes the most sense to run it.

* `getFieldMap` accepts an array

* Move to `DataObjectSchema`

* Add `HTMLVarchar` to documentation
Minor refactoring

* Add test for checking that `subclassesfor` works without the base class
Add test `DataObjectSchema::getFieldMap` returns the correct array

* Remove cms dependency
 2019-04-30 10:43:14 +12:00
Andre Kiste
2bcf8b5ff3 More verbose file migration logging 
See https://github.com/silverstripeltd/open-sourcerers/issues/91

* Add `PreformattedEchoHandler`

cherry-picked from 4c3f3e6bea99b46b689e5b23d1bd1498a4ac696c

* Batch log messages for every 100 file.
Also make logger work for stdout

* Update src/Logging/PreformattedEchoHandler.php

Co-Authored-By: bergice <bergice@users.noreply.github.com>
 2019-04-30 08:54:48 +12:00
Robbie Averill
8c6bf7ce53 Merge branch '4.3' into 4.4 2019-04-21 11:09:25 +12:00
Robbie Averill
523456ae09
Merge pull request #8921 from creative-commoners/pulls/4.3/threshold-count-in-sql 
FIX Calculate threshold condition with SQL rather than PHP
 2019-04-21 01:25:24 +12:00
Guy Marriott
80ad336e97 NEW Add API to create a generator from a DataList (#8931) 2019-04-18 15:31:41 +12:00
Aaron Carlino
c63eecc3e1 Merge branch '4.3' into 4 2019-04-18 11:57:36 +12:00
Guy Marriott
da1af3d8b0
FIX Postgres booleans should return as int for consistency 2019-04-17 15:15:17 +12:00
Sam Minnée
6a2762662b MINOR: Change “Choose Page” to “Search or choose Page” (#8766) 
* MINOR: Change “Choose Page” to “Search or choose Page”

Based on discussions with James Ford, it wasn’t clear that you could
search.

* Use new translation key
 2019-04-16 16:06:37 +12:00
Guy Marriott
9d6b5048a6 FIX Table aliases are retained on base tables in queries built using SQLConditionalExpression (#8918) 
* Adding failing test for base table aliases using SQLSelect

* FIX Retain table aliases applied to the base table on queries

* FIX Move the trimmed alias outside of the condition so we can use it within the condition
 2019-04-16 15:40:09 +12:00
Guy Marriott
7fd6e14423
Adding comment about the === 't' condition for supporting postgres 2019-04-16 12:10:13 +12:00
Guy Marriott
a48beac845
FIX Calculate threshold condition with SQL rather than PHP 
This is a performance fix. Modern SQL engines can avoid counting a whole result set (potentially thousands of records) when you are only interested if the count exceeds a threshold.
 2019-04-15 16:48:44 +12:00
Sheila Bañez
63360f8048 BUG Replace substr with mb_substr to get the correct position 2019-04-15 16:38:52 +12:00
Guy Marriott
b1339f0d72 NEW Update FieldList::replaceField API to match removeByName (#8876) 
* API Update FieldList::replaceField API to match removeByName

This specifically adds the parameter that `removeByName` has but `replaceField` does not. This parameter is set to `true` by default rather than inheriting the same default as `removeByField`. This is because the existing funtionality of `replaceField` was the same as if this parameter was set to `true`. This should be updated in SS5 to match the `removeByField` API.

* Add dataFieldOnly to CompositeField
 2019-04-15 16:22:54 +12:00
Ralph Slooten
66c372ce28 Include baseURL with relative setGetVar() links (#8834) 
* Return baseURL with setGetVar

* Adjust testSetGetVar tests for base url
 2019-04-15 14:50:46 +12:00
Robbie Averill
2c971eea83 Merge branch '4.3' into 4 2019-04-11 11:37:47 +12:00
Robbie Averill
f2f28586d9 Merge branch '4.2' into 4.3 2019-04-11 11:37:34 +12:00
Robbie Averill
116ea12783 Merge branch '4.1' into 4.2 2019-04-11 11:37:22 +12:00
Robbie Averill
f4a6115ee6 Merge branch '4.0' into 4.1 2019-04-11 11:36:40 +12:00
Robbie Averill
8a06682e31 Merge branch '4.3' into 4 
# Conflicts:
 #	src/ORM/Connect/DBSchemaManager.php
 2019-04-11 11:24:17 +12:00
Robbie Averill
55cbacca86 Merge branch '4.2' into 4.3 
# Conflicts:
 #	src/Forms/GridField/GridFieldLevelup.php
 #	src/includes/constants.php
 2019-04-11 11:21:42 +12:00
Sam Minnee
f12fa62ad6 FIX: Better error message when GridFieldLevelup passed bad record details 
Fixes https://github.com/silverstripe/silverstripe-framework/issues/3519
 2019-04-08 18:09:51 +12:00
Loz Calver
594af77134 FIX: prevent unnecessary field alterations for enums with empty defaults 2019-04-05 16:17:41 +01:00
Robbie Averill
8b4b54f264
PHPCS linting error on indentation 2019-04-05 16:29:24 +13:00
Sam Minnee
c9c7c0c825 FIX: Fix PDO cached statement column coercion 
NEW: Add PDOStatementHandle class that is now what PDOQuery expects
 2019-04-05 15:11:21 +13:00
Sam Minnee
45e1fcaf30 FIX: Correct type coercion of MySQL 2019-04-05 15:11:21 +13:00
Sam Minnee
adb6e9eb8d FIX: Perform type coercion on PDO-based MySQL and SQLite connections 
It turns out that this is needed for decimal values on MySQL and all
values on SQLite
 2019-04-05 15:05:42 +13:00
Ingo Schommer
afb3c825c9
Merge pull request #8890 from open-sausages/pulls/4/get-installer-to-self-create-assets-folder 
BUG Update installer to create the assets folder if its missing
 2019-04-05 14:41:01 +13:00
Ian Patel
759968bbe2 Fix Undefined variable: result when catch Exception 2019-04-05 11:33:01 +13:00
Guy Marriott
a9d57f5bfb
Merge pull request #8241 from creative-commoners/pulls/4.3/separate-logging 
Separate core error logging from standard LoggerInterface
 2019-04-05 08:49:09 +13:00
Rafael Marins de Sousa
68337bd8be Including is_array validation to getEnv method. When SS website is deployed to FortRabbit .env file is read as string what causes the website to crash, due to the lack of type check at getEnv method. 2019-04-04 15:41:13 +13:00
Maxime Rainville
c84ad4278f BUG Update installer to create the assets folder if its missing 2019-03-29 17:56:39 +13:00
Aaron Carlino
fc6213c293 Merge branch '4.3' into 4 2019-03-27 13:25:57 +13:00
Aaron Carlino
9eac374b13 Use strcasecmp 2019-03-27 12:40:56 +13:00
Jonathon Menz
fae19c16b5 FIX has_one File form scaffolding 
Only allow selection of a single file when scaffolding has_one File relationship (fixes #8862)
 2019-03-26 09:50:59 -07:00
Damian Mooyman
6dc41e50a0
MINOR Linting fixes 2019-03-26 17:35:58 +13:00
Damian Mooyman
83ec0b69fa
BUG Resolve issue where schema changes between enum / non-enum types 2019-03-26 14:16:05 +13:00
Loz Calver
8483a9644c
Merge pull request #8874 from johannesx75/fix-pdoconnector-generatedid-type-2 
Fix PDOConnector GeneratedID return type
 2019-03-22 09:09:23 +00:00
Daniel Hensby
6d4d332448
Merge pull request #8830 from ntd/pr7 
Fix #8829: mention get_one does not escape field names
 2019-03-21 14:38:34 +00:00
Johannes Hammersen
e1190e33d2 Fix PDOConnector GeneratedID return type 2019-03-21 09:26:14 +01:00
Kong Jin Jie
1d406c64b9 Fix: Allow editing of relation if item is created. 2019-03-20 12:51:49 +08:00
Aaron Carlino
f6a7bddd8d Linting 2019-03-20 15:50:54 +13:00
Aaron Carlino
388baa01b4 Fix linting 2019-03-20 13:19:10 +13:00
Aaron Carlino
aa491d9294 Fix tests 2019-03-20 12:33:00 +13:00
Aaron Carlino
39a29fa2f6 ENHANCEMENT: has_extension() should allow injector overrides 2019-03-20 12:33:00 +13:00
Damian Mooyman
6b450395ce API Allow empty arraylists to be typed (#8866) 
* API Allow empty arraylists to be typed

* PHPCBF fixes
 2019-03-20 11:46:35 +13:00
Robbie Averill
0777ab5ee7
Merge pull request #8847 from blueo/pulls/optional-test-teardown 
Add option to leave Temp DB when exiting
 2019-03-19 15:58:31 +13:00
Bernard Hamlin
8d1a238e97 Add option to leave Temp DB when exiting 2019-03-19 14:37:13 +13:00
Loz Calver
ca781c684d FIX: RequestHandler::__construct() should run after middlewares (fixes #8848) 2019-03-11 11:08:03 +00:00
Nicola Fontana
252397d8d1 Fix #8829: mention get_one does not escape field names 2019-03-08 08:20:47 +01:00
Dan Hensby
765d1568ab
Merge branch '4.3' into 4 2019-03-06 11:04:50 +00:00
Dan Hensby
a8605b04e0
Merge branch '4.2' into 4.3 2019-03-06 11:04:14 +00:00
Dan Hensby
7e34167ddf
Merge branch '4.1' into 4.2 2019-03-06 11:01:17 +00:00
Dan Hensby
625e6d5f54
Merge branch '4.0' into 4.1 2019-03-06 11:00:41 +00:00
Guy Marriott
f8f6983773
Merge pull request #8793 from wilr/pulls/orm-exception 
Throw error message when searchable_field does not return a object
 2019-03-06 08:50:50 +13:00
Daniel Hensby
7416ce275b
FIX doInit comparison should be lowercased 2019-03-05 19:01:12 +00:00
Damian Mooyman
d1396b7dfe
BUG Fix writeBaseRecord with unique indexes 
Fixes #6819
 2019-02-27 16:40:12 +13:00
Maxime Rainville
11b9429c34 Merge branch '4.3' into 4 2019-02-27 12:14:51 +13:00
Maxime Rainville
651d537196 Merge branch '4.2' into 4.3 2019-02-27 12:13:24 +13:00
Maxime Rainville
ed013fcfbb Merge branch '4.1' into 4.2 2019-02-27 12:12:39 +13:00
Maxime Rainville
ac53f77115 Merge branch '4.0' into 4.1 2019-02-27 12:11:47 +13:00
Robbie Averill
7ab55a4948 Add LoggerState to disble user-configured logging during PHPUnit tests 2019-02-22 11:43:01 +07:00
Maxime Rainville
9a59f2f57d BUG Renable the ability to do dynamic assignment with DBField 2019-02-22 11:08:43 +13:00
Robbie Averill
3e90fdf42f Merge branch '4.3' into 4 2019-02-19 08:41:05 +07:00
Robbie Averill
ed74549c4f Merge branch '4.2' into 4.3 2019-02-19 08:39:59 +07:00