Serge Latyntcev
ca56e8d78e
[CVE-2019-12246] Denial of Service on flush and development URL tools
2019-06-10 17:23:56 +12:00
Loz Calver
568be8e29b
FIX: Misconfiguration for versioned cache segmentation ( fixes #8754 )
2019-01-25 09:33:21 +00:00
Robbie Averill
7d90a14f37
NEW Shift Embeddable and EmbedResource from asset-admin, lazy load Embed to allow injected dependencies ( #8194 )
2018-06-20 11:40:28 +12:00
Damian Mooyman
6b68495c0d
Rename ETagMiddleware to ChangeDetectionMiddleware
2018-06-14 11:16:52 +12:00
Damian Mooyman
687d0a6af1
Refactor everything out of HTTP and into separate middlewares
2018-06-13 17:56:47 +12:00
Damian Mooyman
aa1ba0ef90
Fix inverted condition
...
Remove unnecessary yml block
Deprecate HTTP::set_cache_age()
2018-06-13 13:56:47 +12:00
Damian Mooyman
442db3050c
Manual merge up of 3.x changes to HTTP class
2018-06-13 11:33:45 +12:00
Damian Mooyman
76bf2ab21a
WIP of cache middlware
2018-06-13 11:33:45 +12:00
Daniel Hensby
ec956a682d
API Moving tests to use transactions
2018-06-13 09:35:45 +12:00
Aaron Carlino
4497f99d89
Remove versioned cache from core caches
2018-05-31 09:03:29 +12:00
Damian Mooyman
e809c0fd62
Merge remote-tracking branch 'origin/4.0' into 4.1
2018-02-15 09:27:51 +13:00
Christopher Joe
f2b82b1f77
Fix docs for configuring before/after a specific config file
2018-02-13 16:31:51 +13:00
Damian Mooyman
c4ff8443bb
API Shift basic auth checking into middleware
...
Fixes #7554
2017-12-20 11:39:04 +13:00
Damian Mooyman
33b2d50d59
Cache warming in InheritedPermissions::getCachePermissions()
...
Simplify Group::Members() code
Remove cms-only config
2017-12-12 09:01:43 +13:00
Aaron Carlino
aefb0aeaa8
Make InheritedPermissions use cache and implement cache flushing
2017-12-11 17:50:11 +13:00
Aaron Carlino
eecb9f64d3
Add new InheritedPermissionFlusher extension, CacheFlusher service
2017-12-11 16:46:59 +13:00
Damian Mooyman
9d3277f3d3
BUG Fix forceWWW and forceSSL not working in _config.php
...
API Introduce CanonicalURLMiddleware
BUG Fix Director::makeRelative() failing on multi-domain sites
2017-10-30 14:42:36 +13:00
Ian Walls
e0c829f471
Fixes issue 5188: X-Forwarded Proto
...
Removes X-Forwarded-Protocol in favour of the more standard
X-Forwarded-Proto in the default Vary header config.
2017-10-26 12:20:29 +01:00
Christopher Joe
3560a0418d
rename TEMP_FOLDER to TEMP_PATH
2017-10-09 12:41:34 +13:00
Damian Mooyman
fa57deeba4
ENHANCEMENT Allow vendor modules with url rewriting
...
API Introduce ModuleResource feature
2017-09-29 10:28:38 +13:00
Damian Mooyman
f574f6d1b2
Reset test state for modified config options
2017-09-28 17:24:32 +13:00
Damian Mooyman
3a7c8fd0d7
Adjust YML conditionals
2017-09-28 09:15:00 +13:00
Daniel Hensby
51ac297c59
Fixes to ratelimiter and new features
2017-09-27 14:44:38 +01:00
Daniel Hensby
04b1bb816e
NEW RateLimiter for Security controller
2017-09-14 14:23:36 +01:00
Andrew Aitken-Fincham
dc240ce7f3
FIX use correct namespaces for middleware injection
2017-09-06 17:04:31 +01:00
Damian Mooyman
0681567102
BUG Fix flushing on live mode ( #7241 )
...
* BUG Fix flushing on live mode
Fixes #7217
* Clarify injector service documentation
2017-08-07 13:53:23 +12:00
Damian Mooyman
078a508d71
API Replace legacy tiny_mce_gzip compressor with asset generator
...
Fixes https://github.com/silverstripe/silverstripe-admin/issues/74
2017-08-01 13:43:30 +12:00
Daniel Hensby
5bf9ccc235
FIX Deprecated yml syntax
2017-07-21 15:41:44 +01:00
Daniel Hensby
4b66420f54
Remove redundant cache config
2017-07-19 12:37:30 +01:00
Robbie Averill
1a38feff22
FIX Version provider uses early bound config getter, move LeftAndMain config to admin module
2017-07-16 16:49:10 +12:00
Daniel Hensby
7fd316d405
Merge branch 3 into 4
2017-07-15 13:20:37 +01:00
Aaron Carlino
16b66440c2
BUG: Incorrect module delimiter
2017-07-13 13:15:01 +12:00
Aaron Carlino
2b266276c2
API Implement new module sorting pattern
2017-07-13 10:27:27 +12:00
Robbie Averill
ee4d8b4d4e
NEW Add new SilverStripeVersionProvider to provider module versions
2017-07-04 23:29:29 +12:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas
2017-07-03 12:21:47 +12:00
Sam Minnee
741166e369
API: ModulePath template global now takes any composer package name.
...
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.
These changes will make it easier to us to fully abstract:
- file access from module location
- file location from URL generation
API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.
These changes will make it easier to us to fully abstract:
- file access from module location
- file location from URL generation
2017-06-28 16:59:28 +12:00
Damian Mooyman
d20ab50f9d
API Stronger Injector service unregistration
...
BUG Fix up test regressions
FIX director references to request object
API Move all middlewares to common namespace
API Implement RequestHandlerMiddlewareAdapter
ENHANCEMENT Improve IP address parsing
Fix up PHPDoc / psr2 linting
BUG Fix property parsing in TrustedProxyMiddleware
BUG Fix Director::is_https()
2017-06-27 13:32:39 +12:00
Sam Minnee
69fe166897
API: Director::handleRequest() is no longer static - use a Director service
...
NEW: Add HTMLMiddlewareAware trait to HTTPApplication, Director, and RequestHandler
NEW: Allow service specs to be passed to Director rules.
This refactor of the controller middlewares takes a service definition
approach rather than a static-method-and-config approach that Director
historically had.
The use of a trait for middleware means that the Middlewares array
property can be defined on RequestHandler, Director, and HTTPApplication
objects in the same way.
2017-06-27 13:32:39 +12:00
Sam Minnee
ccc86306b6
NEW: Add TrustedProxyMiddleware
...
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported
This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Sam Minnee
72a7655e95
NEW: Moved allowed-hosts checking to a middleware.
2017-06-27 13:32:39 +12:00
Sam Minnee
db080c0603
NEW: Move session activation to SessionMiddleware.
2017-06-27 13:32:39 +12:00
Sam Minnee
254204a3a6
NEW: Replace AuthenticationRequestFilter with AuthenticationMiddleware
2017-06-27 13:32:39 +12:00
Sam Minnee
e855622890
NEW: Replace FlushRequestFilter with FlushMiddleware
2017-06-27 13:32:39 +12:00
Sam Minnee
b30f410ea0
API: Deprecate RequestFilter.
...
NEW: Allow application of HTTPMiddleware to Director.
Director can now use the same HTTPMiddleware objects as the app object.
They can be applied either globally or pre-rule.
2017-06-27 13:32:39 +12:00
Daniel Hensby
b1d8c0308b
Remove asset cache that belongs in assets module
2017-06-23 10:45:41 +01:00
Damian Mooyman
3873e4ba00
API Refactor bootstrap, request handling
...
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681
Squashed commit of the following:
commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date: Thu Jun 22 22:25:50 2017 +1200
Fixed upgrade guide spelling
commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 16:38:34 2017 +1200
BUG Fix non-test class manifest including sapphiretest / functionaltest
commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 15:50:47 2017 +1200
BUG Fix nesting bug in Kernel
commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 15:14:51 2017 +1200
BUG fix db bootstrapping issues
commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 14:49:07 2017 +1200
BUG Fix issue in DetailedErrorFormatter
commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 11:49:19 2017 +1200
Upgrading notes on mysite/_config.php
commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 11:43:28 2017 +1200
Update developer documentation
commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 10:48:44 2017 +1200
Update installer to not use global databaseConfig
commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 21:04:39 2017 +1200
Fix behat issues
commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 17:07:11 2017 +1200
Move HTTPApplication to SilverStripe\Control namespace
commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 16:29:03 2017 +1200
More documentation
Fix up remaining tests
Refactor temp DB into TempDatabase class so it’s available outside of unit tests.
commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 12:13:15 2017 +1200
API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
BUG Fix issue with SSViewer
Fix Security / View tests
commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 16:39:43 2017 +1200
API Refactor AppKernel into CoreKernel
commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 16:00:40 2017 +1200
Docs and minor cleanup
commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 15:34:34 2017 +1200
API Remove OutputMiddleware
API Move environment / global / ini management into Environment class
API Move getTempFolder into TempFolder class
API Implement HTTPRequestBuilder / CLIRequestBuilder
BUG Restore SS_ALLOWED_HOSTS check in original location
API CoreKernel now requires $basePath to be passed in
API Refactor installer.php to use application to bootstrap
API move memstring conversion globals to Convert
BUG Fix error in CoreKernel nesting not un-nesting itself properly.
commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 18:07:53 2017 +1200
API Create HTTPMiddleware and standardise middleware for request handling
commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 17:42:42 2017 +1200
Fixed ORM tests
commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 17:15:07 2017 +1200
FIx i18n tests
commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 16:59:34 2017 +1200
Fix controller namespace
Move states to sub namespace
commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 12:49:45 2017 +1200
Fix forms namespace
commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 15 18:56:48 2017 +1200
Update API usages
commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 15 18:41:44 2017 +1200
API Refactor $flush into HTPPApplication
API Enforce health check in Controller::pushCurrent()
API Better global backup / restore
Updated Director::test() to use new API
commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 22:05:57 2017 +1200
Move app nesting to a test state helper
commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 21:46:04 2017 +1200
Restore kernel stack to fix multi-level nesting
commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 17:23:21 2017 +1200
API Implement kernel nesting
commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:43:13 2017 +1200
Fix core tests
commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:23:52 2017 +1200
Fix manifest tests
commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:00:00 2017 +1200
API Move extension management into test state
commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 14:10:59 2017 +1200
API Refactor SapphireTest state management into SapphireTestState
API Remove Injector::unregisterAllObjects()
API Remove FakeController
commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 12 18:04:34 2017 +1200
Implement basic CLI application object
commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 12 17:39:38 2017 +1200
Remove references to SapphireTest::is_running_test()
Upgrade various code
commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 7 18:07:33 2017 +1200
API Implement APP object
API Refactor of Session
2017-06-22 22:50:45 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class
...
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
2017-06-16 12:22:05 +12:00
Simon Erkelens
3fe837dad7
Fix for CMS Authenticator. Should only apply to CMSSecurity
2017-06-10 14:47:53 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor
2017-06-09 15:07:35 +12:00
Simon Erkelens
082db89550
Feedback from Damian.
...
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00