Commit Graph

141 Commits

Author SHA1 Message Date
Damian Mooyman
c14e7f6b76 BUG Fix malformed urls redirecting to external sites 2015-05-28 18:27:58 +12:00
Ingo Schommer
1661213e5b FIX Opt-out of form message escaping (fixes #2796)
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
2014-08-22 16:59:34 +12:00
Damian Mooyman
6d5d3d8cb7 Rewrote usages of error suppression operator 2014-03-05 14:22:19 +13:00
Ingo Schommer
c243418597 API Escape form validation messages (SS-2013-008) 2013-09-24 21:54:31 +02:00
Ingo Schommer
25af4adce2 Merge tag '3.0.5' into 3.0 2013-02-20 02:21:41 +01:00
Ingo Schommer
16d0c188ee BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-19 15:48:29 +01:00
Ingo Schommer
92458d9f43 Fixed line lengths 2013-02-18 14:41:49 +01:00
Sam Minnee
9a2ba483df BUGFIX: Made CSRF-error wording friendlier. 2013-01-29 18:03:49 +01:00
Ingo Schommer
5d37d55f35 BUG Form session message clearing regression
Regression originally from 729bcc95, but made visible by 014f541a8
2013-01-21 11:11:21 +01:00
Ingo Schommer
014f541a89 BUG Regression in Form->clearMessage() (fixes #8186)
See 729bcc9
2013-01-15 14:25:07 +01:00
Ingo Schommer
e7e6c45aee Merge pull request #1082 from sminnee/form-improvements
Form improvements
2013-01-11 02:29:14 -08:00
Hamish Friedlander
2916f2043c NEW: Improve HTTP caching logic to automatically disable caching for requests that use the session.
This improvement makes it easier to set a site-wide default cache time without needing to worry about CSRF-protected forms, etc.
2013-01-08 17:47:05 +13:00
Sam Minnee
729bcc95db BUGFIX: Don't clear form messages unless forTemplate() is actually called.
BUGFIX: Clear session-stored form data as well as form error message.
2013-01-08 17:45:17 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Hamish Friedlander
0dd97a38f6 API: Form#loadDataFrom 2nd arg now sets how existing field data is merged with new data 2012-11-16 12:36:00 +13:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
unclecheese
e2c1deb4f7 MINOR Chainable Form->loadDataFrom() 2012-06-20 17:01:16 +02:00
Sean Harvey
7fe0858be1 API CHANGE Marked Form::unsetFieldFromTab() as deprecated. Please use
Fields() and the FieldList API instead.
2012-05-31 14:29:58 +12:00
Sean Harvey
a84ef8d8f3 MINOR Don't use template method Actions internally in Form 2012-05-24 10:49:47 +12:00
Sean Harvey
c7e0cee637 API CHANGE Add Form->getController() and use this instead of Controller::curr() in FileIFrameField
API CHANGE Add Form->getName() and deprecate Form->Name(), use getName() instead.
2012-05-24 10:46:57 +12:00
Ingo Schommer
c2339d2181 API CHANGE Removed FormResponse handling for erroneous ajax requests in Form->validate(), use javascript validation instead, or reload the whole form with new HTML including the error messages 2012-04-30 17:15:30 +02:00
Mateusz Uzdowski
b561786825 MINOR: change the ugly user-facing CSRF message to more friendly
User does not necessarily know what CSRF is, and tends to get scared by
this, thinking he has abused something. On the other hand users tend to
know what session expiry means.
2012-04-26 13:57:16 +12:00
Ingo Schommer
ee70e0a5b7 MINOR Fixed returns of Form->unsetValidator() 2012-04-17 11:03:09 +02:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Sam Minnee
1d5065f4a7 BUGFIX: Removed reference to non-existent function Form::handleAction(). 2012-03-19 13:10:51 +13:00
Sam Minnee
067204d003 BUGFIX: Prevent 500 error when a HEAD request is sent to its action URL. 2012-03-19 09:26:20 +13:00
Sam Minnee
3d54668896 MINOR: Added explicit 'public' keyword on functions. 2012-03-09 15:42:31 +13:00
Sam Minnee
ba93028b01 API CHANGE: Added Form::VisibleFields() and FieldList::VisibleFields(), which list everything except hidden fields, to assist with the creation of custom form layouts. 2012-03-09 15:41:42 +13:00
Sean Harvey
9f3344b355 API CHANGE Removed built-in behaviour.js client-side form validation.
This is no longer supported. Please use custom client-side validation instead. (see 3.0.0 changelog
for more information)
2012-03-09 12:19:57 +13:00
Ingo Schommer
bcc73de85e Merge branch '106-add-edit-records-rc'
Conflicts:
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/_style.scss
	admin/templates/Includes/LeftAndMain_EditForm.ss
	css/GridField.css
	filesystem/Folder.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldDefaultColumns.php
	forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Ingo Schommer
7602d081a2 ENHANCEMENT Fluent interface in Form API by returning instance from all setters 2012-02-17 13:35:26 +01:00
Andrew O'Neil
a76c9c3c5e BUGFIX Fix checkFieldsForAction() when working with tabs 2012-02-09 11:46:33 +13:00
Stig Lindqvist
39372497df BUGFIX GridField_Actions did not work in more complex Forms with tabsets (i.e. SecurityAdmin) when using GridField_Action
BUGFIX Empty GridState data causes isset error
BUGFIX Last field of GridFieldFilter outputs wrong label
2012-01-09 18:41:23 +13:00
Stig Lindqvist
3c516b7b97 API CHANGE: Refactored GridField modifiers into GridField_ColumnProvider, GridField_HTMLProvider, GridField_ActionProvider, and GridField_DataModifier interfaces, all added as components in the config.
API CHANGE: Simplified state handling so that it's just a key store. Affectors are replaced with GridField_ActionProviders. API CHANGE: Removed GridField state manipulation actions instead opting for GridField_ActionProvider actions.
API CHANGE: Removed support for modifiers that add "body" rows, instead having core support for generating the body rows hardcoded into the GridField.
API CHANGE: Allow modification of columns across the whole GridField with the GridField_ColumnProvider interface.
API CHANGE: Renamed GridField_AlterAction to GridField_Action, and added actionName/args parameters, since it can be used for all actions (including batch actions and row actions)
API CHANGE: Removed GridFieldRow class.
2012-01-09 13:30:34 +13:00
Ingo Schommer
72694d8349 ENHANCEMENT Custom form attributes through Form->setAttribute() 2012-01-02 16:49:33 +01:00
Ingo Schommer
b3c08dba12 API CHANGE Deprecated FieldSet-specific methods from Form, namely dateFieldByName(), unsetDataFieldByName(), unsetFieldFromTab(), resetField() 2012-01-02 16:47:59 +01:00
ajshort
3478e4f9e6 ENHANCEMENT: Made the form enctype configurable via a method Form->setEncType().
API CHANGE: Deprecated Form->FormEncType() in favour of Form->getEncType().
MINOR: Added enctypes as constants to the Form class.
2011-12-26 18:36:24 +11:00
Sam Minnee
ff9b9e17af MINOR: Removed use of deprecated Director::redirect* functions. 2011-10-29 17:36:37 +13:00
Sam Minnee
a49b56a348 MINOR: Removed usage of deprecated FormField::Name() 2011-10-29 17:34:32 +13:00
Sam Minnee
e5afa25522 MINOR: Use Deprecation class to indicate deprecated methods in core. 2011-10-29 17:34:31 +13:00
Hamish Friedlander
0a3e0f15de MINOR: Replace references to FieldSet (now deprecated) with references to FieldList 2011-10-28 15:58:55 +13:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Will Rossiter
2036354d8d ENHANCEMENT: implemented CMSPageHistoryController with comparison view, single version view into new CMSMain interface 2011-09-19 17:26:01 +02:00
Ingo Schommer
ce8e72cf0e MINOR Removing executable flag from all files (thanks miiihi) 2011-09-18 22:04:02 +02:00
Sam Minnee
878b348a0f Merge branch 'master' into new-orm
Conflicts:
	docs/en/reference/built-in-page-controls.md
	model/SQLQuery.php
2011-05-26 17:08:10 +12:00
Ingo Schommer
fbe4b3fbc9 BUGFIX Form::validate clears whole session incl. 'message' key, instead of overwriting specific keys (fixes #6607, thanks netnoise) 2011-05-17 20:51:38 +12:00
ajshort
1f6f7f0862 API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
Ingo Schommer
ce05ce78e5 BUGFIX Allow alternative (array-based) templates in Form->forTemplate() 2011-04-24 11:46:50 +12:00
Ingo Schommer
e4c586f78e BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115182 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-20 00:00:38 +00:00