Antony Thorpe
6348f2e3e8
Updated Form.php & 04_Form_Security.md
...
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).
Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine.
Note: Original commit that established the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Damian Mooyman
9b965ed5fa
Add in missing changelog notes
2017-06-06 11:08:05 +12:00
Ingo Schommer
b137e91998
Internal security process docs
2017-06-02 11:30:12 +12:00
Justin Brown
ac08e16720
Update to 00_CSV_Import.md
...
Adding further explanation for using a custom CsvBulkLoader in ModelAdmin instead of the default one. I think some people might be able to guess at this, but others (like me) might benefit from making things a bit more explicit. This is a follow-up from my [question on StackOverflow](https://stackoverflow.com/questions/44271755/adding-custom-csvbulkuploader-to-modeladmin-in-silverstripe).
2017-05-31 09:05:05 -06:00
Ed Linklater
f007fca51f
Docs: Correct Stevie's name on committers page
2017-05-31 12:27:06 +12:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3
2017-05-31 00:12:14 +01:00
Daniel Hensby
becb769167
Merge branch '3.5' into 3.6
2017-05-31 00:11:48 +01:00
Daniel Hensby
294df1320f
Merge branch '3.4' into 3.5
2017-05-31 00:11:18 +01:00
Daniel Hensby
143c4a63cf
Added 3.6.0 changelog
2017-05-30 22:11:03 +00:00
Daniel Hensby
2f7f761a9c
Added 3.5.4 changelog
2017-05-30 22:03:17 +00:00
Daniel Hensby
deca99a5fe
Added 3.4.6 changelog
2017-05-30 21:58:52 +00:00
Damian Mooyman
e7d87add9f
API Remove legacy HTMLEditor classes
2017-05-30 11:01:28 +12:00
Nick
318b0248b7
Update 05_Dataobject_Relationship_Management.md
...
Correct a naffed up code block and a typo
2017-05-29 20:54:50 +12:00
Daniel Hensby
659053a256
Added 3.6.0-rc1 changelog
2017-05-29 00:36:04 +00:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0
2017-05-29 01:29:05 +01:00
Daniel Hensby
9a38bedd18
Added 3.5.4-rc1 changelog
2017-05-29 00:08:27 +00:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4
2017-05-29 01:02:35 +01:00
Daniel Hensby
b5ad4bdcc6
Added 3.4.6-rc2 changelog
2017-05-28 23:49:04 +00:00
Daniel Hensby
eeb549faf3
Added 3.4.6-rc1 changelog
2017-05-28 21:34:38 +00:00
Aaron Carlino
06615e3d76
Resample doc images for react di
2017-05-26 11:08:07 +12:00
Chris Joe
5ec8d40c19
Merge pull request #6957 from open-sausages/pulls/4/react-di-documentation
...
Docs for React DI
2017-05-26 10:59:42 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples
2017-05-25 23:29:12 +01:00
Aaron Carlino
bfc373cf0f
update docs with new api
2017-05-25 16:34:32 +12:00
Aaron Carlino
75981989b0
Docs for React DI
2017-05-25 14:58:55 +12:00
Christopher Joe
e327bf3c70
Enhancement add contribution notes about releasing to NPM
2017-05-24 17:07:05 +12:00
Damian Mooyman
fba8e2c245
API Remove Object class
...
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
2aa3b5d5fa
Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
...
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Damian Mooyman
4197090e11
Merge pull request #6940 from kinglozzer/randomgenerator
...
Only use random_bytes() for RandomGenerator (closes #6397)
2017-05-22 10:29:55 +12:00
Loz Calver
e653e90997
Only use random_bytes() for RandomGenerator (closes #6397)
2017-05-19 11:18:56 +01:00
Robbie Averill
f2cbe86f03
Remove CustomMethods::createMethod and create_function implementations, replace with closures
2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923
API Consistent use of inst() naming across framework
2017-05-19 14:38:06 +12:00
Ingo Schommer
100048da33
API PSR-11 compliance (fixes #6594) (#6931)
...
Note that our usage of `$asSingleton` in `get()` is fine. Quote from the PSR:
> Two successive calls to get with the same identifier SHOULD return the same value. However, depending on the implementor design and/or user configuration, different values might be returned, so user SHOULD NOT rely on getting the same value on 2 successive calls.
2017-05-19 13:45:07 +12:00
Daniel Hensby
283e3279be
Merge branch '3.6' into 3
2017-05-18 13:55:07 +01:00
Loz Calver
471166c15e
Merge pull request #6169 from open-sausages/pulls/4.0/duplicate-manymany-option
...
API Duplication of many_many relationships now defaults to many_many only
2017-05-17 09:31:09 +01:00
Damian Mooyman
f5f6fdce12
API Duplication of many_many relationships now defaults to many_many only
...
Fixes https://github.com/silverstripe/silverstripe-cms/issues/1453
2017-05-16 23:26:39 +12:00
Colm McBarron
8666d4abb2
Update YAML format to use namespace
2017-05-16 11:49:39 +01:00
Damian Mooyman
259f957ce8
API Rename services to match FQN of interface / classes
2017-05-16 14:15:49 +12:00
Damian Mooyman
0b70b008b3
API Implement InheritedPermission calculator (#6877)
...
* API Implement InheritedPermission calculator
* API Rename RootPermissions to DefaultPermissionChecker
API Refactor inherited permission fields into InheritedPermissionExtension
API Introduce PermissionChecker interface
2017-05-11 21:07:27 +12:00
Aaron Carlino
7fa47e234f
New API for minified files using injectable service
2017-05-11 10:14:16 +12:00
Daniel Hensby
9bdce9790d
Added 3.6.0-beta2 changelog
2017-05-10 21:55:25 +01:00
Ingo Schommer
da3236b0e7
Merge pull request #6887 from open-sausages/pulls/4.0/docs-calendar-year-format
...
Doc dateformats with calendar year
2017-05-09 23:07:25 +12:00
Loz Calver
7ae203908f
Merge pull request #6882 from robbieaverill/patch-6
...
DOCS Fix broken markdown rendering in 03_Template_debugging.md
2017-05-09 09:38:28 +01:00
Sam Minnée
33119a1f36
Merge branch 'master' into pulls/4.0/remove-deprecated-methods
2017-05-09 15:31:53 +12:00
Ingo Schommer
7c2f49d443
API Removed RootURLController:set_default_homepage_link()
2017-05-09 11:38:35 +12:00
Ingo Schommer
cec983b628
API Removed deprecated ModelAsController::find_old_page()
2017-05-09 11:38:35 +12:00
Ingo Schommer
5784a7d2d7
API Removed deprecated Security::set_login_recording()
2017-05-09 11:38:35 +12:00
Ingo Schommer
2a7c76e9e9
API Removed deprecated DatabaseAdmin#clearAllData()
2017-05-09 11:38:35 +12:00
Ingo Schommer
81e5c7ac40
API Removed deprecated Session::set_config()
2017-05-09 11:38:35 +12:00
Ingo Schommer
1d438d3fb5
API Remove deprecated FormAction::createTag()
2017-05-09 11:38:35 +12:00
Ingo Schommer
0d9b383631
API Removed legacy form fields (fixes #6099)
2017-05-09 11:16:41 +12:00
Ingo Schommer
20e57e9dec
Doc dateformats with calendar year
...
https://github.com/silverstripe/silverstripe-framework/issues/3749
http://stackoverflow.com/questions/1978051/zend-datetostring-outputs-the-wrong-year-bug-in-my-code-or-zend-date
https://en.wikipedia.org/wiki/ISO_week_date#Disadvantages
2017-05-08 22:08:14 +12:00
Jake Bentvelzen
ecefcc8f0e
DOC Add documentation for how to use alternate ConfigStaticManifest
2017-05-08 17:52:13 +12:00
Robbie Averill
f2b21fb828
DOCS Fix broken markdown rendering in 03_Template_debugging.md
2017-05-08 17:40:02 +12:00
Damian Mooyman
942c0257b7
API Upgrade to behat 3
2017-05-05 14:32:07 +12:00
Damian Mooyman
edcb46bd3a
Merge pull request #6836 from sminnee/cli-error-fix
...
FIX: Show detailed errors on CLI for live environments
2017-05-03 15:49:09 +12:00
Aaron Carlino
dd7777321f
Added 4.0.0-alpha7 changelog
2017-05-02 13:16:17 +12:00
Sam Minnee
4c772c80c3
FIX: Show detailed errors on CLI for live environments
...
API: Add HTTPOutputHandler::setCLIFormatter
Fixes https://github.com/silverstripe/silverstripe-framework/issues/6835
This provides detailed errors (but not warnings or notices) in CLI calls
on live environments.
It does this by adding a 2nd argument to our output handler,
CliFormatter. This formatter will be used when Director::is_cli() is
true.
2017-05-01 15:28:48 +12:00
Damian Mooyman
61388b153f
API Rewrite Date and Time fields to support HTML5
2017-04-28 10:06:37 +12:00
Ingo Schommer
a73abbfcb8
unit test cleanup
2017-04-27 09:18:38 +12:00
Ingo Schommer
1ec2abe75f
Fixed timezone and normalised ISO handling
...
A few observations:
- ISO says “T” is optional (https://en.wikipedia.org/wiki/ISO_8601#cite_note-21),
- WHATWG says in the HTML5 spec that it’s optional (https://html.spec.whatwg.org/multipage/infrastructure.html#local-dates-and-times)
- W3C says it’s required in 1997 (https://www.w3.org/TR/NOTE-datetime), but then later says it’s optional in its HTML5 spec (https://www.w3.org/TR/html5/infrastructure.html#floating-dates-and-times).
- Chrome doesn’t parse values with whitespace separators (requires "T")
- DataObject DBDatetime values and database columns use whitespace separators (and will have many devs relying on this format)
- MySQL only supports whitespace separators (https://dev.mysql.com/doc/refman/5.7/en/datetime.html)
- SQLite can parse both ways (https://sqlite.org/lang_datefunc.html)
So the goal here is to retain ORM/database compatibility with 3.x (whitespace separator),
while exposing "T" separators to the browser in HTML5 mode.
Regarding timezones, this fixes a regression where setValue() would not actually
apply the timezone (last $value assignment is ineffective now that sub fields are removed).
2017-04-26 22:55:29 +12:00
Saophalkun Ponlu
507add8566
Update changelogs
2017-04-26 22:45:07 +12:00
Robbie Averill
0391596786
DOCS Remove tabs from JSON examples to fix code blocks
2017-04-23 21:14:12 +12:00
Simon Erkelens
ff3ad6eb6b
Use Config for authenticator settings
2017-04-22 14:48:56 +12:00
root
96d323fba1
Added 3.6.0-beta1 changelog
2017-04-21 11:49:44 +01:00
Damian Mooyman
c21f71405f
Merge pull request #6823 from open-sausages/pulls/4.0/remove-TeamCityListener
...
Removed TeamCityListener
2017-04-21 15:56:20 +12:00
Damian Mooyman
629465584e
Merge pull request #6825 from open-sausages/pulls/4.0/skip-without-phpunit
...
Don't fail dev/build without phpunit
2017-04-21 15:38:22 +12:00
Chris Joe
430c7ad79a
Merge pull request #6824 from micmania1/patch-13
...
DOCS Corrected logger documentation
2017-04-21 15:18:22 +12:00
Ingo Schommer
0a55ff9f8c
API Remove SapphireTestReporter and CliTestReporter
...
Was missed from the removal of PHPUnitWrapper:
a16588aac3
Original reason for this: Don't fail dev/build without phpunit
When you install a SilverStripe project with "composer install --no-dev",
the PHPUnit dependency gets skipped. Which means the PHPUnit_Framework_TestListener
interface doesn't exist. The SilverStripe Classloader might still include
SapphireTestReporter which relies on this interface, which then breaks execution.
SS3 fixed this by NOT defining the class in the first place.
This has been removed in 2fdc96a0de (diff-82b3f89e8e5ae090c93e9c3a2ba8aa36L3),
as part of a PHPUnit version upgrade - but without an apparent fix to replace this.
2017-04-21 15:11:59 +12:00
Michael Strong
484e15807c
DOCS Corrected logger documentation
2017-04-21 13:15:14 +12:00
Ingo Schommer
60e4c011de
Removed TeamCityListener
2017-04-21 12:13:13 +12:00
Michael Strong
649dad526b
DOCS Fixed namespace for factory
2017-04-21 10:54:21 +12:00
Damian Mooyman
2548bfba1e
API Replace SS_HOST with SS_BASE_URL
...
API Remove Director::$test_servers / $dev_servers
API Remove MODULES_PATH / MODULES_DIR constants
ENHANCEMENT Injector backtick syntax now supports environment variables as well as constants
Fixes #6588
2017-04-20 22:28:57 +12:00
Aaron Carlino
fdd9ad6dbc
MINOR: Add documentation for aggregate filters (#6796)
...
* MINOR: Add documentation for aggregate filters
* Update 01_Data_Model_and_ORM.md
* Update 01_Data_Model_and_ORM.md
2017-04-19 15:44:00 +12:00
Sam Minnee
9b1baa9503
DOCS: API changes from f862ce71d5
2017-04-18 17:04:40 +12:00
Damian Mooyman
e2b0c56175
Merge pull request #6791 from caffeineinc/master
...
Documentation: Updated Index & Secure Coding Practices
2017-04-18 11:24:25 +12:00
Damian Mooyman
136b67f597
API Major refactor of Hierarchy into MarkedSet
2017-04-13 16:27:13 +12:00
Damian Mooyman
22b6835537
Move cache upgrade instructions into Upgrading Guide section
2017-04-13 16:23:05 +12:00
Simon Gow
5f82997690
Secure Coding - Security Headers, Force HTTPS and Cookies
...
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed inaccurate reference to descendant.
- Consistent spelling
- Databases over DBMSs
2017-04-13 13:59:02 +12:00
Simon Gow
8d2a1ba8be
Index documentation
...
- updating index documentation to give a better description of how to improve performance with silverstripe applications
2017-04-07 11:27:07 +12:00
Damian Mooyman
92a5e4a057
API Refactor CMS-specific code out of LeftAndMain
2017-04-06 13:26:32 +12:00
Damian Mooyman
5c50ab5884
Added 4.0.0-alpha6 changelog
2017-04-05 16:17:48 +12:00
Damian Mooyman
ed9b2edf7d
Added 4.0.0-alpha6 changelog
2017-04-05 16:13:01 +12:00
Sam Minnee
061b71328b
Update docs.
2017-04-05 11:06:10 +10:00
Nic
091d355059
DOCS update example to use Config::modify
2017-04-04 19:18:23 -05:00
Damian Mooyman
24d1207eb9
Merge pull request #6769 from sminnee/mssql-community-support
...
NEW: Downgrade MSSQL from commercially supported to community supported
2017-04-05 10:23:26 +12:00
Ingo Schommer
5b2106ad8a
Corrected i18n docs
2017-04-03 20:04:43 +12:00
Sam Minnee
bb880a3257
FIX: Clarify PHP 5.6 support for 4.x
2017-04-03 12:29:34 +12:00
Sam Minnee
8b1c020b9f
NEW: Downgrade MSSQL from commercially supported to community supported
...
As of SS4 I recommend that we clarify the level of support we provide
for MSSQL. The testing coverage of MSSQL and production use of it in
systems supported by the core team both seem very low.
MSSQL support was a lot more important in a pre-cloud-hosting world, but
these days our recommendation is to run SilverStripe on a stack that it's
designed to work with rather than trying to fit it into your existing
hosting infrastructure.
2017-04-03 12:29:23 +12:00
Ingo Schommer
3b94d14e42
MERGE
2017-04-03 12:11:21 +12:00
Ingo Schommer
326aa37ea4
API HTML5 date/time fields, remove member prefs (fixes #6626)
2017-03-31 15:21:47 +13:00
Ingo Schommer
4b79940368
API Drop IE10 support (fixes #6321)
2017-03-31 10:50:42 +13:00
Daniel Hensby
ac075eaf0b
Remove TestListener and rely on PHPUnits APIs
2017-03-30 11:46:58 +13:00
Ingo Schommer
dfc0dec7b3
Require LICENSE in supported modules (no *.md)
...
It's more standard to have this file in the webroot.
It's technically markdown compatible text (e.g. asterisk bullet points),
but there's not much point in rendering it via markdown.
If you use the Github "new repo" dialog, it'll create the file without
an extension, so that's pretty much considered the standard.
2017-03-28 16:12:24 +13:00
Sam Minnée
cfa6a36697
Merge pull request #6706 from open-sausages/pulls/4.0/manifest-cache
...
API Build new ManifestCache based on PSR-16 SimpleCache
2017-03-21 10:29:03 +13:00
Damian Mooyman
480597e5ff
Add missing docs to upgrading guide for cache config
2017-03-21 09:43:49 +13:00
Damian Mooyman
3a0099161b
API Remove Log class
2017-03-21 09:43:49 +13:00
Damian Mooyman
54ba08a306
API Replace ManifestCache with ManifestCacheFactory
...
API Remove lots of deprecated module code from ClassManifest
2017-03-21 09:43:48 +13:00
Ingo Schommer
1efa22f9bb
Reinstate 7.0 support, clarify policy
...
We’ve discussed dropping support for 5.6 once it’s EOL on https://github.com/silverstripe/silverstripe-framework/issues/6705.
The same question needs to be asked for 7.0, which goes EOL in the same month. And should be generalised to future PHP versions.
Follow up to https://github.com/silverstripe/silverstripe-framework/pull/6718/
2017-03-21 08:28:08 +13:00
Ingo Schommer
6e58408806
Drop PHP 5.5 support, limit PHP 5.6 to 2018
...
Fixes #6705
2017-03-20 10:34:24 +13:00
Damian Mooyman
ce14060913
API Apply default logger to all caches
...
API Rename ‘Logger’ service name to ‘Psr\Log\LoggerInterface’
API DefaultCacheFactory constructor now takes an array of default arguments
2017-03-15 15:31:24 +13:00