Partially reinstates the 3.x style PhpUnitWrapper which was removed in d1af214ef5.
While we no longer need the full wrapper, the part which creates a fake class is still useful.
The preferred alternative would be to remove any references to SapphireTest from non-dev files,
which mostly applies to SapphireTest::is_running_test(). This should be solved in a larger refactor
of SapphireTest into optional traits and more fine grained functionality.
Was missed from the removal of PHPUnitWrapper:
a16588aac3
Original reason for this: Don't fail dev/build without phpunit
When you install a SilverStripe project with "composer install --no-dev",
the PHPUnit dependency gets skipped. Which means the PHPUnit_Framework_TestListener
interface doesn't exist. The SilverStripe Classloader might still include
SapphireTestReporter which relies on this interface, which then breaks execution.
SS3 fixed this by NOT defining the class in the first place.
This has been removed in 2fdc96a0de (diff-82b3f89e8e5ae090c93e9c3a2ba8aa36L3),
as part of a PHPUnit version upgrade - but without an apparent fix to replace this.
API Remove Director::$test_servers / $dev_servers
API Remove MODULES_PATH / MODULES_DIR constants
ENHANCEMENT Injector backtick syntax now supports environment variables as well as constants
Fixes#6588
Resolves issue #6788
The AuthenticationMethed is passed in via hidden field as per usual, but due to changes, the fallback authenticator was always the MemberAuthenticator and the actual passed in authenticator was defaulting to an empty string.
This causes an issue when there are multiple authenticators and the default authenticator is _not_ in the allowed authenticators, but is still the default. It caused the getAuthenticator method to return the default MemberAuthenticator to be returned, despite it being disabled.
A second issue around multiple authenticators, was the template using a no-longer used method `getAuthenticatorName`. This method returned a null on the default MemberLoginForm (as nothing was set), causing a Warning.
Because the getAuthenticator and getAuthenticatorName are no longer in
use, I've opted to replace these with a translatable string
`getAuthenticatorName`, to
display the title of the form on the tabs, as per the tabset on
Security_MultiAuthenticatorLogin template.
- has the fields and actions extracted to a separate method, so it's more easily overridable
- Moved the global variable $_REQUEST to getting the info from the controller
- Updated string variables to `::class`
- Updated RequiredFields to be set in the YML, so it's overridable/updatable from either Config or code
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed innacurate reference to decendant.
- Consistent spelling
- Databases over DBMSs
This change consolidates the string replacements used to insert requirements into the page content to help ensure
that they are not compounding and overwriting eachother.
The added test case includes where a user may have a Javascript snippet that contains a closing head tag, and the
test ensures that it does not get injected with requirements as well as the actual head tag in the DOM.