Commit Graph

22921 Commits

Author SHA1 Message Date
Steve Boyd
fb0d769049
Merge pull request #9969 from creative-commoners/480-tag
Security fixes from 4.8.0
2021-06-08 11:47:35 +12:00
Daniel Hensby
c79638be02
Merge pull request #9968 from dmipeck/pulls/datetime-mock-defensive-copy
FIX Defensively copy mocked datetime
2021-06-07 22:58:00 +01:00
David Peck
28b5b803be FIX Defensively copy mocked datetime 2021-06-05 16:46:19 +12:00
Daniel Hensby
12cffe0346
Merge pull request #9696 from chrometoasters/pulls/safer-dbtext-summary
FIX Use empty array as a fallback for preg_split within DBText summary
2021-06-03 08:07:51 +01:00
Michal Kleiner
0bd5b98d62 MNT Fix typos in test comments 2021-06-03 13:49:24 +12:00
Michal Kleiner
9dd69c40e3 NEW Add DBText->Summary tests 2021-06-03 13:49:24 +12:00
Steve Boyd
0b22ad65f2
Merge pull request #9959 from creative-commoners/pulls/4/new-pattern-lib
DOC Update pattern library link to point to new repo
2021-06-03 10:18:16 +12:00
Steve Boyd
48677c80b6 MNT Added 4.8.0 changelog 2021-06-02 16:27:48 +12:00
Steve Boyd
8024551376 [CVE-2020-26138] Validate custom multi-file uploads 2021-06-02 16:24:23 +12:00
Steve Boyd
7f97734a20 [CVE-2020-25817] Prevent loading of xml entities 2021-06-02 16:24:17 +12:00
Steve Boyd
8167c6f3ef DOC Update references to graphql basic-auth
Co-authored-by: Garion Herman <garion@silverstripe.com>
Co-authored-by: Maxime Rainville <maxime@silverstripe.com>
2021-06-02 16:24:09 +12:00
Michal Kleiner
2017a20433 FIX Use empty array as a fallback for preg_split within dbtext summary
If the content is invalid for whatever reason e.g. when instantiating
a DBText field to get a summary of text through
`DBField::create_field('Text', $content)->Summary(10)`, preg_split returns
false and the rest of the code expects an array.
This tweak ensures an array is always returned even when preg_split fails.
2021-06-02 15:17:58 +12:00
Ingo Schommer
fa3c5e6fea
DOCS Clearer sysadmin guidance for "packaging" (#9960)
* DOCS Clearer sysadmin guidance for "packaging"

We have all kinds of fun fallbacks that attempt to create supporting files in production environments.
The latest point of contention is dev/build automatically creating files in .graphql/ and public/_graphql/
if those don't exist. That should be regarded as a last resort option to allow introduction of GraphQL v4 in the CMS 4.x release line.
At least since CMS 4.1, we need some form of "packaging" for generated files (public/_resources),
or committing these into the codebase, so let's call that out for anyone running CMS infra.

* Add trailing slash

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
2021-06-02 10:59:42 +12:00
Maxime Rainville
6e13600a88 DOC Update pattern library link to point to new repo 2021-06-01 16:33:25 +12:00
Pen y Fan
843671d108
[doc] Add additional information required to run the test
- I believe the YAML file should be included for the completeness of this example.
- Added details on Caching, I know this is duplication, but I believe it reinforces this requirement by example.
- The example **phpunit.xml** file is a basic working example.

I propose this as a more complete how-to, my thinking is someone new reading this how-to documentation, can follow the instructions and successfully run the example test. I hope this is acceptable.
2021-05-31 21:07:11 +01:00
Pen y Fan
bba872e02c
[doc] Update to Silverstripe 4 convention
- The Silverstripe 4 folder structure has been changed from **app/code/** to **app/src/**
- Renamed Silverstripe in text. I assume `api:` and `Namespace`, should remain SilverStripe
- Added some missing semicolons
2021-05-31 19:08:03 +01:00
Steve Boyd
a3df66860f Merge branch '4.8' into 4 2021-05-31 17:05:11 +12:00
Steve Boyd
9ccdb8efb2 Merge branch '4.7' into 4.8 2021-05-31 17:04:54 +12:00
Maxime Rainville
472fc4ebb4
BUG Update DataQuery::exists to return false when limit causes no result to be returned (#9946)
* BUG Update DataQuery::exists to return false when limit causes no result to be returned

* Update comment

* Fixing linting issue
2021-05-31 16:50:58 +12:00
Aaron Carlino
44c30aea2d
META: Publish docs on updates to 3 branch, not 3.7 2021-05-31 14:18:16 +12:00
Ingo Schommer
196752566f
Merge pull request #9655 from sminnee/pulls/9647-find-lost-records
NEW: Add GridFieldDetailForm::setRedirectMissingRecords()
2021-05-21 13:53:18 +12:00
Sam Minnee
8883413ba7 NEW: Add GridFieldDetailForm::setRedirectMissingRecords()
This new opt-in setting will let grid field detail forms redirect to the
“Correct” URL of a GridField if it’s not found in the current list.

This works by:
 * Looking for the item in the database
 * If it exists, check for a CMSEditLink() method that returns a value
 * If so, redirect to that

This is useful if you have a number of grid fields that each show a
partial list of records, and it’s possible for the user to make changes
such the item no longer appears in the list, but does appear in another
list.

It’s an opt-in feature as I think all changes like this should be
opt-in, based on previous experiences improving GridField and in turn
breaking SecurityAdmin and slowing versioned-data-browsing down. ;-)
2021-05-21 13:16:00 +12:00
Ingo Schommer
cd71f964cf
Merge pull request #9929 from open-sausages/pulls/4/csvbulkloader-extension-hooks
Extension hooks for CsvBulkLoader
2021-05-21 11:48:56 +12:00
Ingo Schommer
8c0efd3980 Extension hooks for CsvBulkLoader
Required for versioned-snapshots integration
2021-05-21 11:17:46 +12:00
Ingo Schommer
ad4e488dcf
Merge pull request #9192 from sminnee/fix-9163
NEW: Support dot syntax in form field names
2021-05-21 10:34:15 +12:00
Ingo Schommer
8c9e203f1e DOCS 4.9.0 changelog with dot notation changes
[ci-skip]
2021-05-21 10:32:51 +12:00
Dylan Wagstaff
a5fc61a23a
Merge pull request #9948 from open-sausages/4
FIX Tidy extension and cli fix for tests
2021-05-21 09:19:22 +12:00
Guy Marriott
766df06f23
Merge pull request #9631 from open-sausages/pulls/4/custom-sort-gridfield-autocompleter 2021-05-20 14:02:44 -07:00
Ingo Schommer
7a0d354529 Linter fixes 2021-05-21 08:30:43 +12:00
Ingo Schommer
99c56fc913 DOC Handling nested form data
Related to #9163
2021-05-20 20:32:27 +12:00
Ingo Schommer
8806b3befc Fixes required for dot notation support in fields
See #9163
2021-05-20 20:32:25 +12:00
Dan Hensby
23ffd2bbd6 Linting fix 2021-05-20 20:32:25 +12:00
Sam Minnee
5dcf5197da FIX: Make the ./_ substitution optional. 2021-05-20 20:32:25 +12:00
Sam Minnee
c7c6bdebdf FIX: Allow join-object to be referenced as a component
This avoids having arbitrary differences between a join object and a
has-one relation.
2021-05-20 20:32:25 +12:00
Sam Minnee
6ba7bf7b2f FIX: Replace ‘.’s with ‘_’s in HTML IDs
The functioning of dot-syntax in form fields mean that .s are more
likely to appear in names. This breaks javascript behaviour in HTML IDs 
and I believe is an invalid character for them.
2021-05-20 20:32:24 +12:00
Sam Minnee
02fb7c3b17 NEW: Support dot syntax in form field names
This change adds support for these in a few places.

 - Form::saveInto($record)
 - Form::loadDataForm($record)
 - Form::loadDataForm($_POST)

Fixes https://github.com/silverstripe/silverstripe-framework/issues/9163
2021-05-20 20:32:24 +12:00
Ingo Schommer
5e2ca7f0a3 FIX Tidy extension and cli fix for tests
Wrap doesn't actually wrap in the tidy extension.
This causes tests to be flakey, for example some of `FormTest` fails
if you happen to have `ext-tidy` installed (which is the default on most systems).
This happened to me on PHP 7.4.19 with tidy 5.6.0 (OSX Homebrew).
Note that the tests aren't failing in Travis right now.

You'd expect `wrap => 0` to be honoured. It's documented as an integer
in the tidy docs: https://api.html-tidy.org/tidy/quickref_5.6.0.html#wrap.

Even tracked this down to the PHP source which appears to be doing the right thing:
https://github.com/php/php-src/blob/master/ext/tidy/tidy.c#L300

There's a bug from 2018 against PHP 7.2.8 which was closed as "not a bug" without comment:
https://bugs.php.net/bug.php?id=76683

You can see the behaviour in action in the following test.

```
<?php
$html = '<p>a really long string which should not be wrapped</p>';

echo "## With tidy extension" . PHP_EOL;
$tidy = new tidy();
$tidy->parseString(
    $html,
    [
        'output-xhtml' => true,
        'numeric-entities' => true,
        'wrap' => 0,
    ],
    'utf8'
);
$tidy->cleanRepair();
echo $tidy . PHP_EOL;

echo "## With tidy cli" . PHP_EOL;
$cmd = sprintf("echo " . escapeshellarg($html) . " | tidy --force-output 1 -n -q -utf8 -asxhtml -w 0 2> /dev/null");
echo shell_exec($cmd);
```

Long story short, setting it to 99999 fixes the issue.
2021-05-20 20:09:42 +12:00
Daniel Hensby
713a0b4a67
Merge pull request #9947 from chromos33/4
Update 04_Shortcodes.md
2021-05-19 19:24:31 +01:00
chromos33
ebdbbfd595
Update 04_Shortcodes.md 2021-05-19 19:16:27 +02:00
Steve Boyd
b6286983b1 Merge branch '4.8' into 4 2021-05-17 16:54:02 +12:00
Steve Boyd
787253d51c MNT Remove COMPOSER_ROOT_VERSION 2021-05-17 16:53:40 +12:00
Andre Kiste
6fd3a1aa05
Merge pull request #9944 from manuth/patch-16
Update 09_Casting.md
2021-05-17 15:57:23 +12:00
Andre Kiste
cb05744b7d
Merge pull request #9941 from manuth/patch-13
Update 03_Requirements.md
2021-05-17 15:26:50 +12:00
Andre Kiste
d7225f99fd
Merge pull request #9942 from manuth/patch-14
Update 05_Template_Inheritance.md
2021-05-17 15:26:25 +12:00
Andre Kiste
ee334025f0
Merge pull request #9943 from manuth/patch-15
Update 06_Themes.md
2021-05-17 15:25:19 +12:00
Steve Boyd
8b28c5647b MNT Added 4.8.0-rc1 changelog 2021-05-17 12:05:10 +12:00
Andre Kiste
7b57963182
Merge pull request #9938 from manuth/patch-10
Update index.md
2021-05-17 11:57:38 +12:00
Andre Kiste
1310252c7d
Merge pull request #9940 from manuth/patch-12
Update 02_Common_Variables.md
2021-05-17 11:51:24 +12:00
Andre Kiste
e98b7edc3e
Merge pull request #9939 from manuth/patch-11
Update 01_Syntax.md
2021-05-17 11:50:39 +12:00
Manuel Thalmann
3a49759c0f
Update 09_Casting.md 2021-05-17 01:34:01 +02:00