Commit Graph

114 Commits

Author SHA1 Message Date
Ingo Schommer
59d31c2fc2 MINOR Removed mbstring support checks, its an installation requirement 2012-05-08 15:32:15 +02:00
Ingo Schommer
d5b3dbc6fb SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Ingo Schommer
68051fdb96 Merge pull request #371 from halkyon/sapphire
---

Dont start the session until its actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
0882741f54 API CHANGE Renamed setModel for DataModel instances to setDataModel for
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Sean Harvey
f63d137d49 ENHANCEMENT Session::start() now only called when there is changed
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Sean Harvey
bd6ca59558 ENHANCEMENT Adding list-style in addition to list-style-image for URL rewrites 2012-04-27 11:20:05 +12:00
Fred Condo
4756b97daa BUGFIX: absoluteURLs() rewrites URLs in list-style-image elements
This applies the patch from and resolves #6798
2012-04-26 14:53:09 -07:00
Will Rossiter
8e8c1302a2 Merge pull request #360 from joaosantos81/master
MINOR: clear_all returns void (and not the result of inst_clearAll() invocation)
2012-04-22 01:49:53 -07:00
joaosantos81
611cd53be8 inst_clearAll() does not return anything so clear_all() method should not expect any return value from inst_clearAll invocation 2012-04-20 18:36:11 +02:00
Sean Harvey
4c6be2931b BUGFIX Removing use of deprecated Object static functions like
get_static(), set_static(), uninherited() etc. Replace with equivalent
Config system get(), update()
2012-04-18 23:10:57 +12:00
Sean Harvey
effc654009 MINOR Moved ModulePath to GenericTemplateGlobalProvider 2012-04-15 10:50:21 +12:00
Sean Harvey
8949dfa691 ENHANCEMENT Replaced locations of sapphire with $ModulePath(framework) in templates, based off Controller which implements TemplateGlobalProvider 2012-04-15 10:50:20 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814 MINOR Add newline to end of files without one 2012-04-15 10:50:19 +12:00
Andrew O'Neil
d368f3605b MINOR: Remove default paramenter from handleRequest() so it complies with the interface correctly. Fixes E_STRICT warning. 2012-04-11 17:20:49 +12:00
Sam Minnee
e01b0aa3d0 ENHANCEMENT PjaxResponseNegotiator for more structured partial ajax refreshes, applied in CMS and GridField. Also fixes issues with history.pushState() and pseudo-redirects on form submissions (e.g. from page/add to page/edit/show/<new-record-id>) 2012-04-05 23:00:22 +02:00
Ingo Schommer
a44b67bae2 API CHANGE Moved RequestHandler->isAjax() to SS_HTTPRequest->isAjax() 2012-04-05 23:00:22 +02:00
Sean Harvey
58e912d4d7 MINOR Removed check for PHP versions less than 5.2 in Cookie 2012-04-03 09:54:55 +12:00
Gareth Foster
21d52d3852 BUGFIX #7018 This stops an infinite loop when Depreciation::notice is called from set_dev_servers(). This doesn't stop people from setting $dev_servers directly (not that it is used in the core code anywhere). 2012-03-24 15:57:49 +13:00
Sam Minnee
a2c1858892 BUGFIX: Return a 404, not a 500, if an invalid action is asked for on a RequestHandler. 2012-03-19 13:10:48 +13:00
Sam Minnee
8bbfa970d7 API CHANGE: Remove Controller::Now(), as it was only ever a template global provider, and use the new TemplateGlobalProvider interface on SS_Datetime instead. 2012-03-16 15:05:28 +13:00
Sam Minnee
6c35588eda API CHANGE: Rename 'PastMember' to 'IsRepeatMember' in templates.
API CHANGE: Move Controller::PastMember() to Member::is_repeat_member() in code.
API CHANGE: Removed Controller::CurrentMember(), it was only ever intended as a template global provider.
2012-03-16 15:05:28 +13:00
Ingo Schommer
e6be56e3b4 API CHANGE Removed FormResponse class, use custom HTTP status codes to communicate state on text/html responses, or use text/json for more structured data responses 2012-03-09 23:27:39 +01:00
Ingo Schommer
27fd3e5633 API CHANGE Removed Session::load_config() (no longer supported) 2012-03-09 21:17:18 +01:00
Hamish Friedlander
5ff095e561 BUGFIX: RequestHandler needs some tricks to make sure it knows when allowed_actions hasnt been provided on a class when it has been provided on an extension, now that statics from extensions isnt a feature specific hack 2012-03-09 18:16:45 +13:00
Hamish Friedlander
4315e51358 BUGFIX: Fix deprecated and removed static accessor calls 2012-03-09 18:16:44 +13:00
Mark Stephens
627708e3a8 BUGFIX: add Director::isDev parameter so we can test if we know we're dev mode already without touching the database. Used in showqueries on MySQL, so that errors are avoided when showing queries on initial switch to dev move (#6856) 2012-03-09 14:20:22 +13:00
Ingo Schommer
f9323b398c BUGFIX Type-safe checks for Controller::join_links(), allowing arguments with a value of "0" 2012-03-08 22:20:37 +01:00
Hamish Friedlander
374ed19406 API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic 2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08 APICHANGE: Rename getExposedVariables to match coding conventions 2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717 API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData 2012-03-06 09:11:46 +13:00
Sam Minnee
adfdd068e2 Merge branch 'ereg-to-preg' of https://github.com/AngryPHPNerd/sapphire
Conflicts:
	model/fieldtypes/Date.php
2012-03-05 13:54:20 +13:00
Ingo Schommer
bcc73de85e Merge branch '106-add-edit-records-rc'
Conflicts:
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/_style.scss
	admin/templates/Includes/LeftAndMain_EditForm.ss
	css/GridField.css
	filesystem/Folder.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldDefaultColumns.php
	forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Julian Seidenberg
3936909980 ENHANCEMENT: working delete button 2012-02-27 23:52:48 +01:00
AngryPHPNerd
0e2cbb0b88 Replace ereg with preg_* 2012-02-27 22:14:02 +01:00
Sean Harvey
07f4cd4a78 BUGFIX Fixed undefined method suser_error() in Cookie::set() 2012-02-16 14:59:56 +13:00
Ingo Schommer
5ab007db21 MINOR Removed apache_request_headers() usage in Director::direct(), it causes inconsistencies in capitalisation over the default method (inspecting $_SERVER) 2012-02-14 13:53:35 +01:00
Fred Condo
d370423825 Clean up trailing ?> per coding standard
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Sam Minnee
2648411829 ENHANCEMENT: Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. 2012-02-03 09:49:37 +13:00
Sam Minnee
06605ffadc ENHANCEMENT: Provide a default Controller::Link() method, meaning that Controller objects can be constructed to help with testing forms. 2012-01-10 16:39:12 +13:00
Sam Minnée
d9fcbf9167 Merge pull request #115 from joaosantos81/patch-1
Fix for bug when destroying a session with a domain cookie. See http://w...
2012-01-09 19:10:49 -08:00
simonwelsh
7179f04682 API CHANGE: Deprecate Director::set_dev_servers() and Director::set_test_servers() in favour of Director::set_environment_type() or an _ss_environment.php file. 2012-01-01 22:09:41 +13:00
Simon Welsh
dd546a9888 BUGFIX Merge request arrays recursively 2011-12-23 17:48:49 +13:00
Sam Minnee
8e58529f39 BUGFIX: Don't throw errors if older modules aren't aware of the DataModel argument. 2011-12-17 15:25:15 +13:00
Will Rossiter
075cb5d7b9 ENHANCEMENT: keep Cookie::forceExpiry() consistent with Cookie::set() for preventing cookies from not being deleted. Fixes #56 2011-12-17 14:21:09 +13:00
joaosantos81
77f5ea733b Fix for bug when destroying a session with a domain cookie. See http://www.silverstripe.org/general-questions/show/18539 for more details 2011-11-14 09:44:46 +00:00
Sam Minnee
e5afa25522 MINOR: Use Deprecation class to indicate deprecated methods in core. 2011-10-29 17:34:31 +13:00
Simon Welsh
58bbb3687a Change Controller::can() to allow an array of perms, as CMSMain can pass an array in (singleton($class)->stat('need_permission') can be an array). 2011-10-29 12:09:22 +13:00
Ingo Schommer
e66255cfb3 API CHANGE Using 'BackURL' GET parameter in Controller->redirectBack() instead of the unused '_REDIRECT_BACK_URL', which e.g. makes the Security/logout behaviour consistent with Security/login (fixes #6729, thanks rixnix) 2011-10-10 10:10:20 +02:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Ingo Schommer
2651a1ba81 MINOR Marking Director::extract_request_headers() public because we can't unit test protected methods in PHP 5.2 2011-09-19 16:01:33 +02:00
ajshort
a60f03f28e ENHANCEMENT Sapphire Doesn't Read HTTP Headers (fixes #6311) 2011-09-19 14:49:55 +02:00
Ingo Schommer
ce8e72cf0e MINOR Removing executable flag from all files (thanks miiihi) 2011-09-18 22:04:02 +02:00
Ingo Schommer
a0eaad3833 BUGFIX Enforce status code set through SS_HTTPResponse->setStatusCode() in output(), override PHP auto-detection of code based on HTTP headers (thanks miiihi) 2011-09-18 21:46:58 +02:00
Ingo Schommer
dfb0504d0d BUGFIX Setting "Content-Length" header in HTTPResponse to avoid problems with proxies timing out 2011-07-26 08:25:09 +02:00
Ingo Schommer
5e9ba3c1d5 BUGFIX Correct formatting of "Content-Type: ...; charset=..." header in HTTPResponse and Mailer (breaks Adobe BrowserLab) 2011-07-15 07:05:50 +02:00
Sam Minnee
878b348a0f Merge branch 'master' into new-orm
Conflicts:
	docs/en/reference/built-in-page-controls.md
	model/SQLQuery.php
2011-05-26 17:08:10 +12:00
Ingo Schommer
44354d472f API CHANGE Removed Session::clearAll(), use clear_all() instead
API CHANGE Removed Session::getAll(), use get_all() instead
2011-05-01 20:23:07 +12:00
Ingo Schommer
1ec01d5dff API CHANGE Removed SS_HTTPResponse->getLinks(), use HTTP::getLinksIn() or DOMDocument 2011-05-01 20:23:06 +12:00
Ingo Schommer
4bd97cfd79 API CHANGE Removed Director::get_site_mode() and set_site_mode(), functionality no longer required
API CHANGE Removed Director::add_callback(), use custom extension on controller instead
API CHANGE Removed Director::currentPage(), use get_current_page() instead
2011-05-01 20:23:06 +12:00
Ingo Schommer
cd6115b85b API CHANGE Removed Controller::PastVisitor(), used PastMember() instead 2011-05-01 20:23:06 +12:00
Sam Minnee
7fbb919ce8 API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model an all DataObjects, Controllers, and RequestHandlers for easy non-static access.
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
Ingo Schommer
9b29616710 API CHANGE Rearranged files in sapphire to reflect core dependencies more accurately, and have the tests/ folder mirror its folder structure 2011-03-31 09:56:21 +13:00