Commit Graph

110 Commits

Author SHA1 Message Date
Jonathon Menz
bf07ba30f4 FIX: Make error messages available to extensions 2018-06-05 14:12:28 -07:00
Robbie Averill
c3e5ab2258
Merge pull request #65 from silverstripe-security/pulls/4.2/ss-2018-009
[SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication
2018-05-28 18:57:38 +12:00
Robbie Averill
ea16e28aa7 Merge branch '4.1' into 4 2018-05-28 18:33:56 +12:00
Robbie Averill
722202fef4 Merge remote-tracking branch 'origin/4.0.4' into 4.1.1
# Conflicts:
  #	src/Control/Director.php
2018-05-24 15:41:11 +12:00
Damian Mooyman
5bff64b47b BUG Fix Director::test() not persisting removed session keys on teardown 2018-05-24 13:10:03 +12:00
Damian Mooyman
9053014a7e [ss-2018-008] Validate against malformed urls 2018-05-14 17:06:47 +12:00
Robbie Averill
30e2d9c4df [SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication 2018-04-24 14:44:29 +12:00
Damian Mooyman
26402f3bb5
ENHANCEMENT Enable request handlers to be extended 2018-03-21 15:50:31 +13:00
Ingo Schommer
0fe56732af RequestHandler updateLink() extension point 2018-03-20 15:08:29 +13:00
Damian Mooyman
2225cf4c95
BUG Fix Director::test() not persisting removed session keys on teardown 2018-02-07 11:03:32 +13:00
Damian Mooyman
e359948eb3
Merge remote-tracking branch 'origin/4.0' into 4
# Conflicts:
#	src/Core/CoreKernel.php
2018-02-05 17:52:38 +13:00
Damian Mooyman
740c3326e9
BUG Fix critical issue with incorrectly saved session data 2018-02-02 15:08:52 +13:00
Damian Mooyman
bca47029c4
Merge remote-tracking branch 'origin/4.0' into 4
# Conflicts:
#	src/Control/SimpleResourceURLGenerator.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
2018-01-25 12:53:15 +13:00
Dylan Wagstaff
e1a4b89912
Code lint fix
change `else if` to `elseif`
2018-01-24 09:04:22 +13:00
Dylan Wagstaff
9c3feb4ab4
FIX: Allow absolute URLs be use as resources
At current certain interfaces exist that assume only local assets will be loaded (e.g. `SilverStripe\Forms\HTMLEditor\TinyMCEConfig::getConfig()`), where as someone may wish to load an off site resource via the use of an absolute URL (e.g. for fontawesome css provided via a CDN). Because asset path parsing is filtered through a `SilverStripe\Core\Manifest\ResourceURLGenerator`, one must either know in advance if they want an internal or external resource (loading different generators), or the API must allow for this (i.e. an inclusion function for each type of asset). So we can either double the API on the implementing class, or simply make an exception for an absolute URL as high as possible; inside the filter - for which the `vendor/module : path/to/file.asset` shorthand syntax was specifically designed not to conflict with.
2018-01-23 17:31:43 +13:00
Damian Mooyman
04050b2753 API Director::host() now formally includes port in host
API Add Director::hostName() and Director::port()
Fixes #7685
2018-01-23 12:19:09 +13:00
Damian Mooyman
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4
# Conflicts:
#	src/Core/TempFolder.php
#	src/ORM/DataObject.php
#	src/View/ThemeResourceLoader.php
#	src/includes/constants.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
#	tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
#	tests/php/View/RequirementsTest.php
2018-01-22 14:57:05 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
Robbie Averill
cc90cb0125 FIX HTTPResponse::removeHeader incorrectly converts header name to lowercase 2018-01-16 23:20:52 +13:00
Daniel Hensby
e4b936c7c7
Merge branch '4.0' into 4 2018-01-12 14:40:33 +00:00
Damian Mooyman
8d077203d4 API Implement support for public/ webroot folder (#7741)
* API Implement support for public/ webroot folder

* Bugfixes and refactor based on feedback
2018-01-12 16:25:02 +13:00
Damian Mooyman
f885101a1b
BUG Fix basic auth in PHP-CGI
Fixes #7717
2017-12-21 14:58:19 +13:00
Damian Mooyman
c4ff8443bb
API Shift basic auth checking into middleware
Fixes #7554
2017-12-20 11:39:04 +13:00
Damian Mooyman
c5bd9bb424
BUG Fix incorrect BASE_DIR inferred in CLI
BUG Fix Director::mockRequest() mocking incorrect $url
Fixes #7689
2017-12-15 17:20:48 +13:00
Daniel Hensby
6d5cbe0a0e
Merge branch '4.0' into 4 2017-11-25 17:19:31 +00:00
Daniel Hensby
07a0f75426
Merge branch '3.6' into 4.0 2017-11-25 16:56:50 +00:00
Damian Mooyman
eae3d0cfaa
Merge remote-tracking branch 'origin/4.0' into 4 2017-11-16 10:16:44 +13:00
Damian Mooyman
c9921447b3
Merge pull request #7539 from colintucker/fix-broken-paginated-list
Fixed array/object mismatch bug in PaginatedList
2017-11-15 15:17:15 +13:00
Daniel Hensby
cf321895ba
Merge branch '4.0' into 4 2017-11-14 13:24:15 +00:00
Daniel Hensby
6139de8680
FIX Make sure plain parts are rendered when re-rendering emails 2017-11-08 15:32:51 +00:00
Colin Tucker
f952ef747b
Fixed array/object mismatch bug in PaginatedList 2017-11-06 11:23:41 +00:00
Damian Mooyman
420041f2b6
Merge remote-tracking branch 'origin/4.0' into 4 2017-11-03 17:04:44 +13:00
Damian Mooyman
6a73466b41 BUG Fix basicauth 2017-11-03 12:08:38 +13:00
Damian Mooyman
0b3ed7ff15
Merge 4.0 -> 4 2017-11-02 16:52:05 +13:00
Damian Mooyman
9d3277f3d3
BUG Fix forceWWW and forceSSL not working in _config.php
API Introduce CanonicalURLMiddleware
BUG Fix Director::makeRelative() failing on multi-domain sites
2017-10-30 14:42:36 +13:00
Sam Minnee
4bec62ba51 Merge branch '4.0' into 4 2017-10-20 18:45:16 +13:00
Damian Mooyman
b9cb1e69e6 BUG Replace phpdotenv with thread-safe replacement 2017-10-20 18:43:11 +13:00
Damian Mooyman
d0ca9bd17a Merge pull request #7490 from open-sausages/pulls/4.0/my-email-children-deserve-the-best
BUG Fix enable email subclasses to use their respective templates
2017-10-19 16:30:37 +13:00
Christopher Joe
dabdc905ce
BUG Fix enable email subclasses to use their respective templates 2017-10-19 14:44:04 +13:00
Nathan J. Brauer
bcc2cc6a0b Adding 308 HTTP Response as an redirect code
https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
Often times, 308 are preferred over 301 redirects, as they tell the requester to, for example, re-POST a form submission on the final URL.
2017-10-18 12:27:00 -07:00
Chris Joe
cafa3fc29a BUG switch to trigger_error() when a resource is not found (#7468)
* BUG switch to `trigger_error()` when a resource is not found rather than throw an exception

* Add unit test for module url failing
2017-10-16 16:11:42 +13:00
Damian Mooyman
3e6984d5a8
Shift REQUEST_URI mangling into HTTPRequestBuilder::createFromVariables() 2017-10-09 17:35:33 +13:00
Damian Mooyman
199d607a2c Tiny revert 2017-10-09 17:21:43 +13:00
Ingo Schommer
1e913bb938 Remove rewrite-less routing through index.php
It's currently broken (doesn't rewrite subsequent links),
and is of questionable use. It was introduced during a time
when PHP didn't have a built-in webserver (I think).
Virtually ever webserver will have rewriting capabilities these days (even IIS!),
and if you struggle with the setup as a new user, you can just fall back to PHP's built-in webserver.

This doesn't affect installation capabilities, since these are triggered via install.php.
2017-10-09 17:21:43 +13:00
Ingo Schommer
1e051386c6 Simplified request building 2017-10-09 17:21:43 +13:00
Ingo Schommer
bd11bc16c7 Avoid double slash in Director mock URLs
They get faulty results when run through parse_url($url, PHP_URL_PATH)
which we started using in HTTPRequestBuilder
2017-10-09 17:21:43 +13:00
Ingo Schommer
4a94dfe55b Remove "url" query param reliance, use index.php
See https://github.com/silverstripe/silverstripe-framework/issues/7430
2017-10-09 17:21:43 +13:00
Damian Mooyman
fa57deeba4
ENHANCEMENT Allow vendor modules with url rewriting
API Introduce ModuleResource feature
2017-09-29 10:28:38 +13:00
Damian Mooyman
f574f6d1b2
Reset test state for modified config options 2017-09-28 17:24:32 +13:00
Christopher Joe
90d0361a6c Enhancement update set_themes to not update config 2017-09-28 16:47:13 +13:00