Commit Graph

1589 Commits

Author SHA1 Message Date
Ingo Schommer
d5b3dbc6fb SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Ingo Schommer
68051fdb96 Merge pull request #371 from halkyon/sapphire
Don't start the session until it's actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID). The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Normann Lou
3b3b515571 API CHANGE Read-only fields no longer include companion hidden fields (see pull request #399)
BUGFIX Remove legacy code and template which is never picked up so that TextareaField becomes 'readonly' when it is transferred to readonly field. Change TextareaFieldTest test cases to address a 'readonly' textarea field displaying the special html characters correctly.
2012-05-03 14:24:03 +02:00
Sean Harvey
450bc258d8 MINOR Fixing broken SQLQueryTest cases 2012-05-03 13:09:50 +12:00
Sean Harvey
521d436b45 MINOR Fixing broken test in pgsql 2012-05-03 11:22:54 +12:00
Sean Harvey
151abde17d Merge pull request #388 from chillu/trac/7170-i18n-sprintf-injections
#7170 i18n sprintf injections
2012-05-02 16:18:30 -07:00
Sean Harvey
6483cdd204 Merge pull request #382 from chillu/trac/7217-group-default-on-member
Group default on member (#7217)
2012-05-01 21:43:05 -07:00
Andrew O'Neil
fa60f9e8b2 ENHANCEMENT: Implement blowfish encryption and use it by default. (#7111) 2012-05-02 13:51:29 +12:00
Ingo Schommer
7b18d9d0da MINOR Switching _t() calls from sprintf() to using injection parameters (#7170) 2012-05-01 22:17:00 +02:00
Ingo Schommer
e949b6f2b0 ENHANCEMENT Backwards compatible $priority parameter for i18n::_t(): Allow numeric arrays as parameters, as well as %s style replacements with a named parameter map (easier transition to new system with existing translation strings) 2012-05-01 22:17:00 +02:00
Sam Minnee
2207e3d978 API CHANGE: Add SQLQuery::prepareSelect(), to further remove the need for direct property access.
API CHANGE: Change the format of SQLQuery::$select to use aliases as keys.
2012-05-01 18:15:11 +12:00
Sam Minnee
a8e8a6060a BUGFIX: Fixed errors caused by complex raw SQL sort() calls. (#7236) 2012-05-01 18:15:08 +12:00
Sam Minnee
8661164c19 API CHANGE: Add SQLQuery::clearSelect(), SQLQuery::selectField() and SQLQuery::itemisedSelect() to make it easier for other subsystems to use SQLQuery without resorting to direct property access.
API CHANGE: Remove DataQuery::select() in place of DataQuery::selectField().
BUGFIX: Remove direct property access to SQLQuery::$select
2012-05-01 17:57:39 +12:00
Sean Harvey
0882741f54 API CHANGE Renamed setModel for DataModel instances to setDataModel for
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Ingo Schommer
517a0c9e48 MINOR Moving FakeController class (required for bootstrap.php) into its own file, so that autoloading doesn't execute bootstrap (which is the case when invoking TestRunner->module()) 2012-04-30 15:04:59 +02:00
Ingo Schommer
72eadef113 ENHANCEMENT GridFieldDetailForm->setItemEditFormCallback() 2012-04-30 13:46:51 +02:00
Ingo Schommer
fed2785173 ENHANCEMENT Per-instance customisation of GridFieldDetailForm_ItemRequest 2012-04-30 12:31:17 +02:00
Robert Curry
ff6909df97 ENHANCEMENT: Add lazy loading to DataQuery. 2012-04-30 16:12:15 +12:00
Sean Harvey
f63d137d49 ENHANCEMENT Session::start() now only called when there is changed
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Will Rossiter
9938b64cf6 FEATURE: implement SS_Sortable->reverse()
API CHANGE: SQLQuery:: now an array object rather than string. Existing strings will continue to work
2012-04-27 15:54:14 +12:00
Sean Harvey
8a6671d72e BUGFIX Member::onChangeGroups() should allow ADMIN permission grant if the logged in user is an ADMIN 2012-04-27 12:27:46 +12:00
Sean Harvey
bb20587f01 ENHANCEMENT GridFieldExportButton allows an anon function to return the
value of a related object. Useful for handling has_many/many_many data
in a single CSV column.
2012-04-23 20:26:41 +12:00
Mateusz Uzdowski
6469d83569 API CHANGE: add a remote relation class getter to DataObject 2012-04-23 15:01:55 +12:00
Sean Harvey
a3e43171cf MINOR Fixed broken DataExtensionTest 2012-04-20 15:41:51 +12:00
Sean Harvey
007ed25c0b MINOR Fixing broken tests 2012-04-20 15:05:18 +12:00
Sam Minnee
8e48e6e231 API CHANGE: Allow <classname>::get(), eg, Member::get()->byID(5) 2012-04-20 14:58:24 +12:00
Robert Curry
ee53df336d BUGFIX: Removed assumption in GridFieldDataColumnsTest that Member would always have the same summary fields. 2012-04-20 11:38:06 +12:00
Will Rossiter
585417d141 Merge pull request #343 from halkyon/object_static_remove_deprecation
BUGFIX Remove calls to deprecated Object static methods, update ConfigTest
2012-04-19 14:41:45 -07:00
Robert Curry
842784c8aa ENHANCEMENT: Fixes #7010. Move DisplayFields, FieldCasting and FieldFormatting functions from GridField to GridFieldDataColumns. 2012-04-19 12:44:59 +12:00
Mateusz Uzdowski
a9e7de0cf4 BUGFIX: make UploadField aware of relations to derived classes (os7140)
UploadField was relying entirely on the File::get_class_for_file_extension to
select a class, so it could only create File or Image objects. This
would break the relationships based on derived objects. Also make it
respect the FileField::relationAutoSetting.
2012-04-19 12:18:36 +12:00
Mateusz Uzdowski
a2c9c409a8 BUGFIX: fixed asserts and file cleanup
DataObject::get_one returns false if not found, so better check for
object. Also, the directory would not be cleaned, so on the subsequent
run the files could end up having suffixes.

missed this one
2012-04-19 12:13:02 +12:00
Ingo Schommer
a1327faae4 Merge pull request #344 from halkyon/remove_deprecated_extrastatics_usage
ENHANCEMENT Remove use of deprecated extraStatics in core files
2012-04-18 15:42:51 -07:00
Sean Harvey
4cf8db3ee4 ENHANCEMENT Remove use of deprecated extraStatics in core files 2012-04-19 08:37:51 +12:00
Sean Harvey
ccb941ea9d BUGFIX Fixed places where Object::get_static() was being used. Replace
with Config system instead.
2012-04-18 23:55:37 +12:00
Sean Harvey
16e950cb6a MINOR Tidy up of code formatting in TestRunner
MINOR Fixing up old ObjectStaticTest and merging into ConfigTest
2012-04-18 23:29:54 +12:00
Ingo Schommer
c2797f3ffa Merge pull request #342 from silverstripe-big-o/sapphire
This is the new _t syntax. All i18n unit tests pass.
2012-04-18 10:16:23 +02:00
Julian Seidenberg
90ae0ed18d BUGFIX: reverting back to Ingo's text collector from code, but using the parser to get from templates. Adding special case for _t functions in code that have an array in them. Fixing unit tests for all this. 2012-04-18 17:35:32 +12:00
Julian Seidenberg
0da62b9552 BUGFIX: fixing i18n _t function breaking out of when correct translation found 2012-04-18 17:35:32 +12:00
Julian Seidenberg
192237cb7d BUGFIX: fixes to i18n Unit Tests 2012-04-18 17:35:31 +12:00
Julian Seidenberg
c314d0b659 API-CHANGE: i18nTextCollector can now extract the new translatable entities (<%t) from templates and populate them in language tables (uses PEG parser) 2012-04-18 17:35:30 +12:00
Julian Seidenberg
189c305c83 API-CHANGE: parser for new i18n syntax 2012-04-18 17:35:30 +12:00
Julian Seidenberg
45c7dfd9f5 ENHANCEMENT: tests for new i18n syntax 2012-04-18 17:35:29 +12:00
Robert Curry
5603fbe153 ENHANCEMENT: Fixes #7059. Add test for allowedMaxFileNumber to UploadFieldTest. 2012-04-18 14:25:14 +12:00
Sean Harvey
7d84aff01e Merge pull request #339 from ajoneil/remove-pre-53-support
Remove pre 5.3 support
2012-04-17 16:19:23 -07:00
Mateusz Uzdowski
be97535b1e ENHANCEMENT: add an infinite-loop check as validation in Hierarchy (os4399)
Check only when the parent has changed - hierarchy traversal is an
expensive operation, so we do it only when it is needed.
2012-04-18 10:50:35 +12:00
Andrew O'Neil
14c0796617 MINOR: Remove checks for PHP < 5.3.2, as it's no longer supported 2012-04-18 10:38:09 +12:00
Sean Harvey
4a3070757b MINOR Fixed tests 2012-04-17 10:53:40 +12:00
Robert Curry
5686392a67 BUGFIX: Fixes #7071. Change gridfield tests to not assume ids are always
in order of addition.
2012-04-16 15:47:35 +12:00
Ingo Schommer
d57e864110 MINOR Fixed tests related to i18nLegacyAdapter changes 2012-04-15 18:46:02 +02:00
Ingo Schommer
cbcee57496 ENHANCEMENT New i18nTextCollector_Writer_RailsYaml 2012-04-15 18:08:59 +02:00