See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk
Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.
Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
FIX: Ensure SSViewer::hasTemplate() is aware of themes.
To do this, RequestHandler::definingClassForAction() has been created, splitting out the code that looks up the class that defines a given action into its own method. This is then overridden in Controller to look at templates.
Since ViewableData was returning a casting helper for Link, but DataObject was
only using $this->$fieldname to set values on that casting helper, you could
not use <% if Link %> (or <% if $Link %>) in your templates because Link is not
a field, and thus had no value to be set on the casting helper, causing
hasValue to think that there was no value. Since DataObject->dbObject says that
"it only matches fields and not methods", it seems safe to have it call db(..)
to get the field spec, and not call ViewableData->castingHelper at all.
Broke after I optimized it to work with a TreeDropdownField
which assumes <li><a> structures that thie "preview" dropdowns
don't have. I also failed at the recursion assignment, causing
infinite loops...
SQLQuery->setLimit(0, 99) should result in "SELECT ... LIMIT 0 OFFSET 1".
In fact it does "SELECT ..." without a LIMIT clause at all,
which is unexpected. This is regardless of the $offset value.
This caused problems when duplicate() was used in the CMS UI
to duplicate a SiteTree object. Since every object of this type
has a ParentID relation, it copied this empty relation into
new "ghost page".
See https://github.com/silverstripe/silverstripe-cms/issues/689
This is a necessity for any further 3.1 pushes of master files to getlocalization.
Because we'd otherwise remove existing master strings for CTF etc,
which means we can no longer backport new translations to 3.0
(and there's no way for users to contribute translations to 3.0 via getlocalization).
It's still a very monolithic class, but at least I've refactored it to return
all collected strings without writing it to files (for easier testing).
Per [RFC 2616 section 5.1.1][ietf], HTTP methods are case-sensitive.
- Change the internal representation of the form's method to upper case
- Update FormTest to accommodate the case changes
- Change method to lower case for HTML in Form#getAttributesHTML()
[ietf]: http://tools.ietf.org/html/rfc2616#section-5.1.1
Supports passing an array to removeByName(), which is iterate and then removed. Useful for removing fields from a fieldlist that are not on a tab. Similar to removeFieldsFromTab();
This is cleaner than a new function.
Anyone who has run "sudo -u www-data ./framework/sake dev/build" knows that SilverStripe's temp
folder permissions can be very brittle. This patch resolves this by making the temp folder
user-specific.
To minimise directory pollution it first creates a chmod 777 parent folder with the same name
as the current folder. It then creates a subfolder of this with the same name as the current
user.
The positive impact of this change is that sake can be used without fear of messing up file
permissions. This means, among other things, that we can put a Composer post-update-cmd into
the installer to run dev/build. Progress!
The negative impact is that you will get two caches if you run sake as a different user. However,
that is much better than the current situation - which is a bunch of bugs - and if you're concerned
about that, you still have the option of running sake as www-data.
Fixes http://open.silverstripe.org/ticket/6473
When using CSVParser::$columnMapping to map columns to a callback action, it previously used the action name as the key value. This prevented users from defining multiple entries to the same callback. This patch retains those key values and simply runs the callback field name filter later on.
Fixes http://open.silverstripe.org/ticket/5577.
Uses Zend_Locale_Format::isNumber(). Includes unit test for NumericField. Does not include testing work on DBField underlying NumericField to ensure that works consistently.
Fixes http://open.silverstripe.org/ticket/6210.
Replaces the hardcoded file patterns from Folder::syncChildren() with a new static Filesystem::$sync_blacklisted_patterns to describe files and folder names to skip when running Folder::sync().
Added unit test for Folder::sync()
Extended Folder::sync() to report on the number of file / folders skipped.
FIX: Instead of CsvBulkLoader->findExistingRecord out right failing (i.e. no duplicate found) when the duplicate check field is empty, it will now continue on to check other duplicateCheck fields.
Added extra testing data to CSVBulkLoaderTest so that it fails.
When DataObject::update() is run with relation fields and the relationship
is new the relationship ID was not set on the DataObject. This patch fixes
this. Fixes issue 6195 in open.silverstripe.org.
With a many to many relation, e.g. SiteTree_MyRelation, and listing
them in your template then adding ?archiveDate=x in the URL, a SQL
error is shown because Versioned::augmentSQL() tries to query the
non-existent table "SiteTree_MyRelation_versions" assuming there's
versioning setup, but there isn't.
It was using $fieldName, which is the CSV field name, not the database
field name. This prevents duplicate detection from working. It now
properly uses $SQL_fieldName.
Update CsvBulkLoaderTest to remove keys that are nonexistent in the CSV
test data. Having them causes the test to fail with an undefined-index
error. This did not previously fail because of the bug in CsvBulkLoader
that this patch fixes. This partially reverts c4eac53.
Since that used to be the default shortcode notation
for our core "insert media" functionality, its important
to have this fixed and keep supporting "legacy" content
created with 3.0.
DO NOT MERGE: to be reviewed. Only i18n & Deprecation classes use
->getModules() as far as I can see. Given that the method still simply
returns an array of modulename => modulepath, I don't think it's really
an API change
The parser could sometimes generate invalid code if the
source-file-comments were enabled, this moves the comments outside the
html-tag to circumvent these problems, update test as well.
Rendering potentially 1000s of nodes can exceed the CPU and memory constraints
of a normal PHP process, as well as the rendering capabilities of browsers.
Set a hard maximum for the renderable nodes, deferring to a "show as list" action
in the main CMS tree. For TreeDropdownField, we don't have the list fallback option,
so ask the user to search for the node title instead.
Also makes both the "node_threshold_total" and "node_threshold_leaf" values configurable
Strictly speaking, no longer required since we auto-quote simple
field names in DataQuery now, but since the majority of sorts in core is
already quoted we should stay consistent.
They are now accessed via the Config API, and contain associative rather than indexed arrays.
Before: `array('de_DE' => array('German', 'Deutsch'))`, after: `array('de_DE' => array('name' => 'German', 'native' => 'Deutsch'))`.
Also fixed a i18n.js_i18n config accessor
Anyone who has run "sudo -u www-data ./framework/sake dev/build" knows that SilverStripe's temp
folder permissions can be very brittle. This patch resolves this by making the temp folder
user-specific.
To minimise directory pollution it first creates a chmod 777 parent folder with the same name
as the current folder. It then creates a subfolder of this with the same name as the current
user.
The positive impact of this change is that sake can be used without fear of messing up file
permissions. This means, among other things, that we can put a Composer post-update-cmd into
the installer to run dev/build. Progress!
The negative impact is that you will get two caches if you run sake as a different user. However,
that is much better than the current situation - which is a bunch of bugs - and if you're concerned
about that, you still have the option of running sake as www-data.
* Due to missing break, the T_STRING case would fall through to array.
* The values were being added to the wrong variable.
* Added missing support for missing null values.
- Renamed $minNodeCount to more accurate $nodeCountThreshold
- The $minNodeCount attribute wasn't properly respected
during actual querying, so SilverStripe would always traverse
the entire tree (and load all objects into memory),
before then marking nodes as "unexpanded", which prevents
them from actually being rendered.
- Fixes nodes on search results to be expanded by default
- Fixes nodes on search results to correctly ajax-expand
Extracted common code out to SS_HTMLValue and made abstract, then
put HTML 4 specific code in SS_HTML4Value. Its now possible to
replace HTMLValue with one designed for HTML 5 or XHTML
Requires a code change from new SS_HTMLValue to
Injector::inst()->create(HTMLValue)
This is to fix a bug that caused CheckboxSetFields to throw an error
when trying to call this function when editing a new DataObject. This
occurred when using the advancedworkflow module.
Thanks to simonwelsh for the majority of the work on this fix.
Creates a package definition from the framework version being built,
and uses composer to install it into an installer project, as well
as the required modules for testing.
Pull requests are always on a branch, and this branch
typically is not present on the installer.
This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
Pull requests are always on a branch, and this branch
typically is not present on the installer.
This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
Pull requests are always on a branch, and this branch
typically is not present on the installer.
This changes means we need to be careful when merging into 3.1
and master, but that's a necessary evil.
RequestHandler#handleAction now exists. It takes the request, and
the action to call on itself. All calls from handleRequest to call an action
will go through this method
Controller#handleAction has had it's signature changed to
match new RequestHandler#handleAction
RequestHandler#findAction has been added, which extracts the
"match URL to rules to find action" portion of RequestHandler#handleRequest
into a separate, overrideable function
GridField#handleAction has beeen renamed to handleAlterAction and
CMSBatchActionHandler#handleAction has been renamed to handleBatchAction to
avoid name clash with new RequestHandler#handleAction
Reason for change: The exact behaviour of request handling depended heavily
on whether you inherited from RequestHandler or Controller, and whether the
rule extracted it's action directly (like "foo/$ID" => 'foo') or dynamically
(like "$Action/$ID" => "handleAction"). This cleans up behaviour so
all calls follow the same path through handleRequest and handleAction, and
the additional behaviour that Controller adds is clear.
allowed_actions is now only allowed to reference public methods defined
on the same Controller as the allowed_actions static, and
the wildcard "*" has been deprecated
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.
Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
Shortcodes have traditionally had a problem that they are inside <p> tags,
but generate block level elements. This breaks HTML compliance.
This makes the shortcode parser now mutate the DOM based on the "class" attribute on
the shortcode to insert the generated block level element at the right place in the DOM
- for "left" and "right" elements it puts them just before the block level
element they are inside
- for "leftAlone" and "center" elements it splits the DOM around the shortcode.
The trade off is that shortcodes are no longer "text level" features. They need
knowledge of the HTML they are in to perform this transformation, so they can
only be used in (valid) HTML
Because I removed completely the static setting of SSL_VERIFYPEER I've
added the ability to declare default curl options on the class. This
means that users that really want to one line turn off SSL_VERIFYPEER
can do so without needing to pass a custom option in every request()
call.
Before now, the RestfulService_Response object was never sent the
response headers. For APIs that rely on the response headers to send
back information (signatures, pagination info, etc).
This change makes the curl response have the full HTTP response
(including Headers). We then extract the body and the header information
and assign them to relevant vars and then construct the response as
before (with the addition of the headers array).
This change required two new functions:
extractResponse: This extracts the HTTP Headers and the payload from the
curl response and assigns it to the relevany vars that are passed by
reference
parseRawHeaders: This was designed to mimic http_parse_headers (a
non-standard php class). It converts the headers into an associative
array.
If creating an object using Injector::create() and constructor arguments
are passed through, in some cases where the object being created had a yml
configuration set for it, the passed in constructor arguments weren't being
passed through to the instantiation of the object.
Lazy loading no longer loads fields from the versions table when querying. This could lead to incorrect data being displayed if the data on the object and the version it pointed to did not match.
API methods to allow setting of the context of the query that generated the DataObject on that object (used by the lazy loading mechanism to correctly query the Stage, Live, or Versions tables)
See https://github.com/silverstripe/sapphire/pull/1178 for context.
Lazy loading no longer loads fields from the versions table when querying. This could lead to incorrect data being displayed if the data on the object and the version it pointed to did not match.
API methods to allow setting of the context of the query that generated the DataObject on that object (used by the lazy loading mechanism to correctly query the Stage, Live, or Versions tables)
See https://github.com/silverstripe/sapphire/pull/1178 for context.
urlRewriter will expect a callable as a second parameter,
but will work with the current api and simply raise a deprecation error.
HTTP::absoluteURLs now correctly rewrites urls into absolute urls. Resolves introduced in c56a80d6ce
HTTP::absoluteURLs now handles additional cases where urls were not translated.
Test cases for HTTP::absoluteURLs added for both css and attribute links.
Cleaned up replacement expression and improved documentation.
This reverts commit 356a367eb5.
We can't use headers_sent() to determine an accurate
content length, since PHP defaults to buffering a couple of bytes
even without ob_start() (see "output_buffering" setting).
This makes the patch harmful, since it breaks any responses relying
on more structure data, like removing closing brackets from JSON.
Which in turn breaks the CMS in horrible ways (see #8010).
See #7574 for context.
This is the companion setting to canUpload, letting you control whether existing files from the asset store can be referenced. It's particularly useful when using UploadField on the front-end.
Otherwise conditional logic will only succeed
when run through "sake dev/tests", not when
run through phpunit directly (which is the recommended way now)
This causes a 'Fatal error: Call to a member function hasMethod() on a non-object'.
This can happen when displaying a field in a gridfield on a belongs_to relationship.
+ has a special meaning in the URLs so overall it's a good idea to
strip them out. Otherwise they would need to appear in their ugly url
encoded form "%2B".
Refer: http://open.silverstripe.org/ticket/7929
BUG Issue with deleted records not being queried properly.
API DataQuery::expressionForField no longer requires a second parameter. Rather the query object is inferred from the DataQuery itself. This should improve consistency of use of this function.
Introduced new FormField->castedCopy() method
which tries to replicate the existing form field instance
as closely as possible.
Primarily, the fix was targeted at consistently passing
through FormField->description to all of its variations.
In 3.0 there was some confusion about whether DataLists and ArrayLists
were mutable or not. If DataLists were immutable, they'd return the result, and your code
would look like
$list = $list->filter(....);
If DataLists were mutable, they'd operate on themselves, returning nothing, and your code
would look like
$list->filter(....);
This makes all DataLists and ArrayList immutable for all _searching_ operations.
Operations on DataList that modify the underlying SQL data store remain mutating.
- These functions no longer mutate the existing object, and if you do not capture the value
returned by them will have no effect:
ArrayList#reverse
ArrayList#sort
ArrayList#filter
ArrayList#exclude
DataList#dataQuery (use DataList#alterDataQuery to modify dataQuery in a safe manner)
DataList#where
DataList#limit
DataList#sort
DataList#addFilter
DataList#applyFilterContext
DataList#innerJoin
DataList#leftJoin
DataList#find
DataList#byIDs
DataList#reverse
- DataList#setDataQueryParam has been added as syntactic sugar around the most common
cause of accessing the dataQuery directly - setting query parameters
- RelationList#setForeignID has been removed. Always use RelationList#forForeignID
when querying, and overload RelationList#foreignIDList when subclassing.
- Relatedly,the protected variable RelationList->foreignID has been removed, as the ID is
now stored on a query parameter. Use RelationList#getForeignID to read it.
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.
Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.
Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
Fixed issue where convertServiceProperty is called when creating objects
with user-supplied constructor arguments, so that it's only called when
creating objects using injector configuration. This reduces the overhead
of unnecessary calls to convertServiceProperty.
Updated test cases to validate behaviour
Enables more generic use of the fixture facilities
without dependency on the YAML format, for example
when creating fixtures from Behat step definitions.
Note: The YamlFixture class needs to be created via
Injector::inst()->create('YamlFixture') now,
direct instantiation is no longer supported.
This bug will surface when using the ORM and adding an join to DataList
where a DataObject inherits another DataObject.
If you for example want to restrict the number of pages that only have a
related Staff object:
$list = DataList::create('Page')
->InnerJoin('Staff', '"Staff"."ID" = "Page"."StaffID");
This will create a SQL query where the INNER JOIN is before the
LEFT JOIN of Page and SiteTree in the resulting SQL string. In MySQL
and PostgreSQL this will create an invalid query.
This patch solves the problem by sorting the joins.
Resolves an issue where if not using the themes directory (i.e just a single app folder) you cannot override module templates.
Changes the SS_TemplateManifest constructor with a new $project argument.
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
Quoted table / column names to make test cases work in postgres
BUG Fixed issue with SQLQuery::lastRow crashing on empty set. Added test cases for lastRow and firstRow.
Quoted table / column names to make test cases work in postgres
Merge branch '3.0-sqlquery-lastrow-fix' of github.com:tractorcow/sapphire into 3.0-sqlquery-lastrow-fix
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
The existence of .ss-tabset triggers JS which applies $.tabs(),
and in turn interprets the first available link as the tab navigation.
jQuery UI subsequently tries to ajax-load this link, which is not
desired. Instead, $.tabs() should *only* be applied to a container
DOM element with .cms-tabset applied.
It was setting a NULL empty string when constructing the field,
which shouldn't call setEmptyField() in the first place.
This logical error somehow just surfaced when the HTML output
wasn't run through tidy.
See https://github.com/silverstripe/sapphire/pull/886
When a user renames a file to "__test.txt" (two underscores or more),
then FileNameFilter will only remove the very first underscore from the
filename. This is not sufficient, as any number of underscores in the
filename will be problematic when Filesystem::sync() is called, it will
remove that File record thinking it's an internal file. This fixes it
so any number of underscores are stripped out at the start of the filename.
API Added Convert::nl2os function to normalise end of line characters across systems with tests
BUG Fixed i18n unit tests in non-unix systems constantly failing
BUG Fixed problems with HTMLCleaner tests failing in non-unix systems
The specific situation where this is useful is where populateDefaults on
DataObjects needs to query the database. This will break the dev/build
when it tries to create the object via singleton - the query will not be
able to be executed if the table is not there or its schema has changed.
For an example of such use case see Translatable::populateDefaults.
If formatOutput is set to TRUE, then the regexes in getContent()
will not match the newlines, and the output will include html, body
and meta tags. Introduce a few new tests to ensure the output is
correct, and fix the regex.
Using late static binding makes it possible to override SS_Log to create
logs which are separate to the main Silverstripe log but still use the
built in functionality.
Add test for SS_Log subclassing.
At this stage, the test just checks line-length and line-endings, but previous commits have ensured that framework actually passes those tests. We can add more tests as we actually correct the code to pass those tests, and grow the test suite, as we had for unit tests.
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
These APIs are primarily intended to let developers write custom 404 handlers. They can define an onBeforeHTTPError404() method on an Extension that gets added to Controller or RequestHandler.
The SS_HTTPResponse_Exception object has also been tidied up to override the status info of any SS_HTTPResponse object that might get passed. This is mainly to make it easier for callers (such as ContentController and ModelAsController) to use RequestHandler::httpError() more consistently.
Adds three extra methods to Data/SQLQuery query that allow for starting
a disjunctive subgroup, a conjunctive subgroup and for ending a subgroup.
Database::sqlWhereToString() now builds up the WHERE clause one by one
instead of with a straight implode. Uses a stack to know which conenctive
to use.
This is a fix for ticket #7670. Some hosting situations don't
allow write access to the system temp path. tiny_mce_gzip.php is currently
using sys_get_temp_dir() by default, and not using a local silverstripe-cache
folder that may exist in the SilverStripe project.
This change moves the getTempFolder() function into a common file, and
includes that in core/Core.php, as well as thirdparty/tinymce/tiny_mce_gzip.php
so both locations share the same code to work out the temp path.
The issue was raised in #7628, where an anchor tag was being changed from
<a name="anchor"></a> to <a name="anchor"/> by SS_HTMLValue, when
HtmlEditorField::saveInto() parses the HTML fragments.
This is because SS_HTMLValue uses DOMDocument::saveXML(), which is fine
for saving an XML document, but not suitable for HTML. This fix changes
that to use DOMDocument::saveHTML() instead.
Note that we can't use the parameter to saveHTML() for selecting a single
node only, as that's only supported in PHP 5.3.6+, SilverStripe 3.0 supports
PHP 5.3.2 as a minimum. The workaround for this shortcoming is to replace
unncessary output by DOMDocument with a regular expression.
ADDED: Test cases correctly checking for changes (and no changes) to the data model for both fields and indexes.
FIXED: References to indexes throughough the code that probably should have quoted field names. This prevents a lot of 'spam' during dev build. This includes an updated FulltextSearchable test case.
CMSProfileController currently checks canView() which ensures that a logged in CMS
Member can access the profile controller, but when saving the record on Member_ProfileForm
there is no check for canEdit(), so extended permissions don't get respected.
This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests
to check permissions.
The table name in the join was being escaped, though table
names aren't escaped anywhere else. This breaks
namespaced classes, which rely on unescaped backslashes.
The Travis config will now run tests on the following instances
* 5.3 + SQLite
* 5.3 + MySQL
* 5.3 + PostgreSQL
* 5.4 + MySQL
In other words, with the exception of Windows tech (MSSQL + Win server) this is a wide-coverage build config.
ADDED: HTTP_Request::params() to retrieve all (shifted) params used in the request
FIXED: Issue where route-table level arguments would not be accessible without using non-deprecated API.
ADDED: Test case to test the above items
UPDATED: Extended Director::test to allow for the retrieval of the request object
UPDATED: Deprecated notice on Director::urlParam and Director::urlParams
REMOVED: Unused variable
FIXED: Coding convention conformity
The values in $values aren't returned in any order, so this test can randomly fail. This
changes the check from expected = $values to $values \cap expected = $value. PHP's array_intersect
maintains the keys of the first array, so order is preserved. The intersect also guarentees that the
only accepted values are the expected ones.
