* NEW DatabaselessKernel to support operation without DB
This is required for GraphQL code generation in CI (without a working runtime database/webserver environment).
Context: https://github.com/silverstripe/silverstripe-graphql/issues/388
* New --no-database option for sake
* Refactor to abstract class
* Apply feedback peer review
Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
Co-authored-by: Maxime Rainville <maxime@silverstripe.com>
It's misleading to imply that an .env doesn't exist when it's not what the actual check looks for.
It's also poor design to hardcode an unrelated error message in a "redirect to installer" function,
which only worked because this function was called from exactly one other place where this
error message was correct.
This method should typehint the incoming value once union types are
available, but for now this ensures that method_exists() is not called
on scalar values, which is unsupported in PHP 8.
$hadNamespace was ambiguously named, so the original PHP 8 support
update marked it true when it was strictly meant to indicate that a
namespace separator token had been encountered, resulting in bungled
parsing of complex class specs like Class(["arg" => true]).
The T_NAME_QUALIFIED and T_NAME_FULLY_QUALIFIED tokens are introduced
in PHP 8, and encapsulate theentire FQCN, replacing the previous
structure of a group of T_STRINGs and T_NS_SEPARATORs.
Recipe versions are a more useful indicator than the framework module
version, so if installed we want to show the recipe-core version. The
cms module expands upon this to include recipe-cms.
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
Ingo Schommer
Lukas
Maxime Rainville
Steve Boyd
Loz Calver
William Desportes
Ingo Schommer
Garion Herman
Guy Marriott
Robbie Averill
Dan Hensby
Sam Minnee
Nicolaas
Jackson Darlow
mattclegg
Michal Kleiner
Serge Latyntcev
Mojmir Fendek
UndefinedOffset
Aaron Carlino