Sam Minnee
ccc86306b6
NEW: Add TrustedProxyMiddleware
...
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported
This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Sam Minnee
e855622890
NEW: Replace FlushRequestFilter with FlushMiddleware
2017-06-27 13:32:39 +12:00
Sam Minnee
c482cd673e
DOC: Documentation and upgrade notes for director middleware
2017-06-27 13:32:39 +12:00
Damian Mooyman
0ed1750106
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# .travis.yml
# .tx/config
# _config/database.yml
# admin/code/LeftAndMain.php
# admin/code/ModelAdmin.php
# admin/code/SecurityAdmin.php
# admin/javascript/jquery-changetracker/lib/jquery.changetracker.js
# admin/javascript/lang/cs.js
# admin/javascript/lang/de.js
# admin/javascript/lang/eo.js
# admin/javascript/lang/es.js
# admin/javascript/lang/fa_IR.js
# admin/javascript/lang/fi.js
# admin/javascript/lang/fr.js
# admin/javascript/lang/hr.js
# admin/javascript/lang/id.js
# admin/javascript/lang/id_ID.js
# admin/javascript/lang/it.js
# admin/javascript/lang/ja.js
# admin/javascript/lang/lt.js
# admin/javascript/lang/mi.js
# admin/javascript/lang/nb.js
# admin/javascript/lang/nl.js
# admin/javascript/lang/pl.js
# admin/javascript/lang/ro.js
# admin/javascript/lang/ru.js
# admin/javascript/lang/sk.js
# admin/javascript/lang/sl.js
# admin/javascript/lang/sl_SI.js
# admin/javascript/lang/sr.js
# admin/javascript/lang/sr@latin.js
# admin/javascript/lang/sr_RS.js
# admin/javascript/lang/sr_RS@latin.js
# admin/javascript/lang/src/cs.js
# admin/javascript/lang/src/de.js
# admin/javascript/lang/src/eo.js
# admin/javascript/lang/src/es.js
# admin/javascript/lang/src/fa_IR.js
# admin/javascript/lang/src/fi.js
# admin/javascript/lang/src/fr.js
# admin/javascript/lang/src/hr.js
# admin/javascript/lang/src/id.js
# admin/javascript/lang/src/id_ID.js
# admin/javascript/lang/src/it.js
# admin/javascript/lang/src/ja.js
# admin/javascript/lang/src/lt.js
# admin/javascript/lang/src/mi.js
# admin/javascript/lang/src/nb.js
# admin/javascript/lang/src/nl.js
# admin/javascript/lang/src/pl.js
# admin/javascript/lang/src/ro.js
# admin/javascript/lang/src/ru.js
# admin/javascript/lang/src/sk.js
# admin/javascript/lang/src/sl.js
# admin/javascript/lang/src/sl_SI.js
# admin/javascript/lang/src/sr.js
# admin/javascript/lang/src/sr@latin.js
# admin/javascript/lang/src/sr_RS.js
# admin/javascript/lang/src/sr_RS@latin.js
# admin/javascript/lang/src/sv.js
# admin/javascript/lang/src/zh.js
# admin/javascript/lang/sv.js
# admin/javascript/lang/zh.js
# admin/templates/Includes/ModelAdmin_Content.ss
# composer.json
# control/HTTPRequest.php
# core/Config.php
# core/Core.php
# core/Diff.php
# core/Object.php
# core/PaginatedList.php
# core/TempPath.php
# core/manifest/ConfigStaticManifest.php
# dev/Profiler.php
# docs/en/00_Getting_Started/00_Server_Requirements.md
# docs/en/00_Getting_Started/03_Environment_Management.md
# docs/en/02_Developer_Guides/01_Templates/03_Requirements.md
# docs/en/02_Developer_Guides/07_Debugging/03_Template_debugging.md
# docs/en/02_Developer_Guides/13_i18n/index.md
# filesystem/File.php
# filesystem/GD.php
# filesystem/ImagickBackend.php
# filesystem/Upload.php
# forms/DatetimeField.php
# forms/FormField.php
# forms/GroupedDropdownField.php
# forms/TabSet.php
# forms/gridfield/GridFieldFilterHeader.php
# javascript/lang/es.js
# javascript/lang/src/es.js
# lang/af.yml
# lang/ar.yml
# lang/az.yml
# lang/bg.yml
# lang/bs.yml
# lang/ca.yml
# lang/cs.yml
# lang/de.yml
# lang/en.yml
# lang/eo.yml
# lang/es.yml
# lang/es_AR.yml
# lang/es_MX.yml
# lang/et_EE.yml
# lang/fa_IR.yml
# lang/fi.yml
# lang/fo.yml
# lang/fr.yml
# lang/gl_ES.yml
# lang/he_IL.yml
# lang/hr.yml
# lang/hu.yml
# lang/id.yml
# lang/id_ID.yml
# lang/is.yml
# lang/it.yml
# lang/ja.yml
# lang/lt.yml
# lang/lv.yml
# lang/mi.yml
# lang/ms.yml
# lang/nb.yml
# lang/ne.yml
# lang/nl.yml
# lang/pl.yml
# lang/pt.yml
# lang/pt_BR.yml
# lang/ro.yml
# lang/ru.yml
# lang/si.yml
# lang/sk.yml
# lang/sl.yml
# lang/sl_SI.yml
# lang/sr.yml
# lang/sr@latin.yml
# lang/sr_RS.yml
# lang/sr_RS@latin.yml
# lang/sv.yml
# lang/th.yml
# lang/tr.yml
# lang/uk.yml
# lang/zh.yml
# lang/zh_CN.yml
# lang/zh_TW.yml
# model/DataDifferencer.php
# model/DataQuery.php
# model/Image.php
# model/ManyManyList.php
# model/connect/DBSchemaManager.php
# model/connect/PDOConnector.php
# model/fieldtypes/Bigint.php
# model/fieldtypes/DBFloat.php
# model/fieldtypes/DBInt.php
# model/fieldtypes/Double.php
# model/fieldtypes/ForeignKey.php
# model/fieldtypes/PrimaryKey.php
# parsers/HTML/HTMLBBCodeParser.php
# security/Member.php
# security/MemberAuthenticator.php
# security/RandomGenerator.php
# security/Security.php
# tests/control/CookieTest.php
# tests/control/HTTPRequestTest.php
# tests/core/CoreTest.php
# tests/filesystem/UploadTest.php
# tests/forms/FormFieldTest.php
# tests/forms/FormTest.php
# tests/forms/GroupedDropdownFieldTest.php
# tests/forms/HtmlEditorFieldToolbarTest.php
# tests/forms/RequirementsTest.php
# tests/model/DBFieldTest.php
# tests/model/DataObjectTest.php
# tests/model/ManyManyListTest.php
# tests/model/VersionableExtensionsTest.php
# tests/model/VersionedTest.php
# tests/parsers/ShortcodeParserTest.php
# tests/security/MemberAuthenticatorTest.php
# tests/security/MemberTest.php
# tests/security/SecurityTest.php
# tests/view/SSViewerTest.php
# thirdparty/simpletest/encoding.php
# thirdparty/simpletest/page.php
# thirdparty/simpletest/tag.php
# thirdparty/spyc/spyc.php
# thirdparty/tinymce-spellchecker/classes/SpellChecker.php
# thirdparty/tinymce-spellchecker/classes/utils/JSON.php
# thirdparty/tinymce-spellchecker/classes/utils/Logger.php
# thirdparty/tinymce/tiny_mce.js
# thirdparty/tinymce/tiny_mce_gzip.php
# thirdparty/tinymce/tiny_mce_src.js
# view/Requirements.php
# view/SSViewer.php
# view/ViewableData.php
2017-06-27 13:27:14 +12:00
Daniel Hensby
fea36f2d7b
DOCS Update Image docs to reflect intervention/image changes
2017-06-23 11:18:21 +01:00
Damian Mooyman
3873e4ba00
API Refactor bootstrap, request handling
...
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681
Squashed commit of the following:
commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date: Thu Jun 22 22:25:50 2017 +1200
Fixed upgrade guide spelling
commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 16:38:34 2017 +1200
BUG Fix non-test class manifest including sapphiretest / functionaltest
commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 15:50:47 2017 +1200
BUG Fix nesting bug in Kernel
commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 15:14:51 2017 +1200
BUG fix db bootstrapping issues
commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 14:49:07 2017 +1200
BUG Fix issue in DetailedErrorFormatter
commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 11:49:19 2017 +1200
Upgrading notes on mysite/_config.php
commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 11:43:28 2017 +1200
Update developer documentation
commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 22 10:48:44 2017 +1200
Update installer to not use global databaseConfig
commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 21:04:39 2017 +1200
Fix behat issues
commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 17:07:11 2017 +1200
Move HTTPApplication to SilverStripe\Control namespace
commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 16:29:03 2017 +1200
More documentation
Fix up remaining tests
Refactor temp DB into TempDatabase class so it’s available outside of unit tests.
commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 21 12:13:15 2017 +1200
API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
BUG Fix issue with SSViewer
Fix Security / View tests
commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 16:39:43 2017 +1200
API Refactor AppKernel into CoreKernel
commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 16:00:40 2017 +1200
Docs and minor cleanup
commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 20 15:34:34 2017 +1200
API Remove OutputMiddleware
API Move environment / global / ini management into Environment class
API Move getTempFolder into TempFolder class
API Implement HTTPRequestBuilder / CLIRequestBuilder
BUG Restore SS_ALLOWED_HOSTS check in original location
API CoreKernel now requires $basePath to be passed in
API Refactor installer.php to use application to bootstrap
API move memstring conversion globals to Convert
BUG Fix error in CoreKernel nesting not un-nesting itself properly.
commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 18:07:53 2017 +1200
API Create HTTPMiddleware and standardise middleware for request handling
commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 17:42:42 2017 +1200
Fixed ORM tests
commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 17:15:07 2017 +1200
FIx i18n tests
commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 16:59:34 2017 +1200
Fix controller namespace
Move states to sub namespace
commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 19 12:49:45 2017 +1200
Fix forms namespace
commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 15 18:56:48 2017 +1200
Update API usages
commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date: Thu Jun 15 18:41:44 2017 +1200
API Refactor $flush into HTPPApplication
API Enforce health check in Controller::pushCurrent()
API Better global backup / restore
Updated Director::test() to use new API
commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 22:05:57 2017 +1200
Move app nesting to a test state helper
commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 21:46:04 2017 +1200
Restore kernel stack to fix multi-level nesting
commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 17:23:21 2017 +1200
API Implement kernel nesting
commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:43:13 2017 +1200
Fix core tests
commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:23:52 2017 +1200
Fix manifest tests
commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 15:00:00 2017 +1200
API Move extension management into test state
commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date: Tue Jun 13 14:10:59 2017 +1200
API Refactor SapphireTest state management into SapphireTestState
API Remove Injector::unregisterAllObjects()
API Remove FakeController
commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 12 18:04:34 2017 +1200
Implement basic CLI application object
commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date: Mon Jun 12 17:39:38 2017 +1200
Remove references to SapphireTest::is_running_test()
Upgrade various code
commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date: Wed Jun 7 18:07:33 2017 +1200
API Implement APP object
API Refactor of Session
2017-06-22 22:50:45 +12:00
David Alexander
3b812417ad
Update 03_Environment_Management.md
...
@dhensby I thought I saw a recent merge making PDO the default.
2017-06-20 10:12:55 +12:00
Chris Joe
102eaed36c
Merge pull request #6722 from open-sausages/pulls/4.0/requirements-html-cleanup
...
Better HTML generation behaviour for Requirements_Backend
2017-06-16 13:52:06 +12:00
Damian Mooyman
dd4eb6ce44
Merge pull request #6960 from open-sausages/pulls/4.0/security-process-docs
...
Internal security process docs
2017-06-16 13:50:58 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class
...
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
2017-06-16 12:22:05 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services
...
API Improve validation of authentication process
2017-06-15 15:53:57 +12:00
Daniel Hensby
6f2b08b962
Merge branch '3.6' into 3
2017-06-14 12:02:27 +01:00
3Dgoo
f0c00bfb78
Fixing language typo in docs
2017-06-13 05:37:07 +09:30
Simon Erkelens
2b26cafcff
Separate out the log-out handling.
...
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Antony Thorpe
6348f2e3e8
Updated Form.php & 04_Form_Security.md
...
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf ) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)
).
Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine.
Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8
.
2017-06-06 21:10:49 +12:00
Damian Mooyman
9b965ed5fa
Add in missing changelog notes
2017-06-06 11:08:05 +12:00
Ingo Schommer
b137e91998
Internal security process docs
2017-06-02 11:30:12 +12:00
Justin Brown
ac08e16720
Update to 00_CSV_Import.md
...
Adding further explanation for using a custom CsvBulkLoader in ModelAdmin instead of the default one. I think some people might be able to guess at this, but others (like me) might benefit from making things a bit more explicit. This a follow up from my [question on StackOverflow](https://stackoverflow.com/questions/44271755/adding-custom-csvbulkuploader-to-modeladmin-in-silverstripe ).
2017-05-31 09:05:05 -06:00
Ed Linklater
f007fca51f
Docs: Correct Stevie's name on committers page
2017-05-31 12:27:06 +12:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3
2017-05-31 00:12:14 +01:00
Daniel Hensby
becb769167
Merge branch '3.5' into 3.6
2017-05-31 00:11:48 +01:00
Daniel Hensby
294df1320f
Merge branch '3.4' into 3.5
2017-05-31 00:11:18 +01:00
Daniel Hensby
143c4a63cf
Added 3.6.0 changelog
2017-05-30 22:11:03 +00:00
Daniel Hensby
2f7f761a9c
Added 3.5.4 changelog
2017-05-30 22:03:17 +00:00
Daniel Hensby
deca99a5fe
Added 3.4.6 changelog
2017-05-30 21:58:52 +00:00
Damian Mooyman
e7d87add9f
API Remove legacy HTMLEditor classes
2017-05-30 11:01:28 +12:00
Nick
318b0248b7
Update 05_Dataobject_Relationship_Management.md
...
Correct a naffed up code block and a typo
2017-05-29 20:54:50 +12:00
Daniel Hensby
659053a256
Added 3.6.0-rc1 changelog
2017-05-29 00:36:04 +00:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0
2017-05-29 01:29:05 +01:00
Daniel Hensby
9a38bedd18
Added 3.5.4-rc1 changelog
2017-05-29 00:08:27 +00:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4
2017-05-29 01:02:35 +01:00
Daniel Hensby
b5ad4bdcc6
Added 3.4.6-rc2 changelog
2017-05-28 23:49:04 +00:00
Daniel Hensby
eeb549faf3
Added 3.4.6-rc1 changelog
2017-05-28 21:34:38 +00:00
Aaron Carlino
06615e3d76
Resample doc images for react di
2017-05-26 11:08:07 +12:00
Chris Joe
5ec8d40c19
Merge pull request #6957 from open-sausages/pulls/4/react-di-documentation
...
Docs for React DI
2017-05-26 10:59:42 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples
2017-05-25 23:29:12 +01:00
Aaron Carlino
bfc373cf0f
update docs with new api
2017-05-25 16:34:32 +12:00
Aaron Carlino
75981989b0
Docs for React DI
2017-05-25 14:58:55 +12:00
Christopher Joe
e327bf3c70
Enhancement add contribution notes about releasing to NPM
2017-05-24 17:07:05 +12:00
Damian Mooyman
fba8e2c245
API Remove Object class
...
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
2aa3b5d5fa
Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
...
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Damian Mooyman
4197090e11
Merge pull request #6940 from kinglozzer/randomgenerator
...
Only use random_bytes() for RandomGenerator (closes #6397 )
2017-05-22 10:29:55 +12:00
Loz Calver
e653e90997
Only use random_bytes() for RandomGenerator ( closes #6397 )
2017-05-19 11:18:56 +01:00
Robbie Averill
f2cbe86f03
Remove CustomMethods::createMethod and create_function implementations, replace with closures
2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923
API Consistent use of inst() naming across framework
2017-05-19 14:38:06 +12:00
Ingo Schommer
100048da33
API PSR-11 compliance ( fixes #6594 ) ( #6931 )
...
Note that our usage of `$asSingleton` in `get()` is fine. Quote from the PSR:
> Two successive calls to get with the same identifier SHOULD return the same value. However, depending on the implementor design and/or user configuration, different values might be returned, so user SHOULD NOT rely on getting the same value on 2 successive calls.
2017-05-19 13:45:07 +12:00
Daniel Hensby
283e3279be
Merge branch '3.6' into 3
2017-05-18 13:55:07 +01:00
Loz Calver
471166c15e
Merge pull request #6169 from open-sausages/pulls/4.0/duplicate-manymany-option
...
API Duplication of many_many relationships now defaults to many_many only
2017-05-17 09:31:09 +01:00
Damian Mooyman
f5f6fdce12
API Duplication of many_many relationships now defaults to many_many only
...
Fixes https://github.com/silverstripe/silverstripe-cms/issues/1453
2017-05-16 23:26:39 +12:00
Colm McBarron
8666d4abb2
Update YAML format to use namespace
2017-05-16 11:49:39 +01:00