Commit Graph

10803 Commits

Author SHA1 Message Date
Hamish Friedlander
d8a1df4312 Further secure eval call in ConfigStaticManifest
It shouldn't be possible to get ConfigStaticManifest to parse
a user uploaded file, and if you could it shouldn't be possible
to form PHP that token_get_all could parse which would end
up executing any code.

However, just in case it is, this changes the eval to assign to a
static, so the eval will give a syntax error if an attacker
manages to make $value look like `ls` or some other expression
2013-03-13 12:42:48 +13:00
Hamish Friedlander
53595dc930 FIX Parsing docblock comments in ConfigStaticManifest 2013-03-13 11:59:49 +13:00
Hamish Friedlander
60b72edfba FIX Parsing heredoc, nowdoc & comments in ConfigStaticManifest 2013-03-13 11:26:49 +13:00
Hamish Friedlander
e6352dffbb FIX Static pollution with informational fields 2013-03-12 17:14:12 +13:00
Hamish Friedlander
7f58730904 FIX Avoid get_parent_class in ConfigStaticManifest (was loading all classes) 2013-03-12 16:52:11 +13:00
Hamish Friedlander
943b5cf3a4 Remove debug message, any still unexpected token is an error 2013-03-12 15:40:12 +13:00
Hamish Friedlander
c52baae3c8 Add some tests for the static parser 2013-03-12 15:32:46 +13:00
Hamish Friedlander
a6f1a200b6 Some micro-optimisations for Config 2013-03-04 09:25:23 +13:00
Hamish Friedlander
80bd38e1e9 FIX DataObjectSchemaGenerationTest trying to modify config statics directly 2013-02-28 09:43:34 +13:00
Hamish Friedlander
024a0b90a9 Add ability to create temporary Config copies 2013-02-28 09:43:33 +13:00
Hamish Friedlander
6b986cb17d Extract statics via code analysis rather than introspection 2013-02-28 09:43:33 +13:00
Hamish Friedlander
c98621977c Cache the merged version of any Config value in an in-mem LRU cache 2013-02-28 09:43:33 +13:00
Hamish Friedlander
904fd2d5dc API Make Object::config use late static binding
Can now be used in instance scope, like:
  $this->config()->db
and in static scope, like:
  Page::config()->db
2013-02-27 15:13:59 +13:00
Ingo Schommer
bea1b9002d Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/HTTP.php
2013-02-26 13:28:35 +01:00
Ingo Schommer
d888ea5e67 Updated translations 2013-02-26 13:15:00 +01:00
Sam Minnee
fc3239e2d6 Updated translations 2013-02-26 13:58:28 +13:00
Ingo Schommer
8423149819 Merge pull request #1233 from drzax/add-datepicker-chinese-locales
Add zh-CN and zh-TW locale files for jQuery UI datepicker.
2013-02-25 04:16:55 -08:00
Ingo Schommer
a61f5c1244 Fixed composer docs 2013-02-25 12:23:56 +01:00
Ingo Schommer
44cc467fc7 Note about vendor prefixes 2013-02-25 11:58:12 +01:00
Ingo Schommer
567e39cd19 Updated composer docs 2013-02-25 11:47:11 +01:00
Simon Elvery
384f173a7f Add zh-CN and zh-TW locale files for jQuery UI datepicker. 2013-02-25 16:54:27 +10:00
Sam Minnee
efb4760244 Fixed invalid classname in test 2013-02-25 16:44:54 +13:00
Sam Minnee
88b3901a69 Check for object type before calling method, prevent fatal error in failing test. 2013-02-25 16:33:55 +13:00
Sam Minnee
b2dfa77056 FIX: Ensure that Director::test() doesn't return a string 2013-02-25 16:27:44 +13:00
Sam Minnee
57952977c7 Merge branch 'refindex' of git://github.com/silverstripe-rebelalliance/sapphire into silverstripe-rebelalliance-refindex
Conflicts:
	docs/en/reference/index.md
2013-02-25 15:05:15 +13:00
Sam Minnee
5734c2b3de Merge branch 'refindex' of git://github.com/silverstripe-rebelalliance/sapphire into silverstripe-rebelalliance-refindex
Conflicts:
	docs/en/reference/index.md
2013-02-25 15:03:46 +13:00
Sam Minnée
b90e0c0955 Merge pull request #1230 from oddnoc/3.1-restfulservice-error-check
BUG: Fetch curl_error in RestfulService
2013-02-24 17:59:32 -08:00
Sam Minnée
da109a07c1 Merge pull request #1231 from oddnoc/3.1-restfulservice-option-merge-fix
BUG: Correct semantic error regarding cURL options in RestfulService
2013-02-24 17:59:08 -08:00
Sam Minnée
351f079a7e Merge pull request #1224 from silverstripe-rebelalliance/feature/shortcodes
Two more small fixes for new Shortcode Parser
2013-02-24 17:54:22 -08:00
Fred Condo
d3b3ab806d BUG: Fetch curl_error in RestfulService
$curlError was used only once and never defined. Replace $curlError with
a call to curl_error($ch).
2013-02-22 17:41:55 -08:00
Fred Condo
bd73142bcf BUG: Correct semantic error regarding cURL options in RestfulService
cURL options are numeric, and array_merge is destructive of numeric
keys. Replace array_merge calls with array union operator, with defaults
on right-hand side so that passed options override defaults.
2013-02-22 17:39:01 -08:00
Jeremy Bridson
de641dd544 ENHANCEMENT: updated the reference index on doc.silverstripe.com 3.0 - There were lots of broken and missing links 2013-02-22 12:58:29 +13:00
Hamish Friedlander
7afcd64418 FIX Make ShortcodeParser obey error_behavior in attribute scope 2013-02-22 11:34:15 +13:00
Hamish Friedlander
1ee01c39d4 FIX ShortcodeParser producing bad output after escaped tag
Also tightens up matching of shortcodes so we don't match on invalid shortcodes
2013-02-22 10:30:51 +13:00
Ingo Schommer
67b2d3faa0 Added note on module translations 2013-02-20 13:32:27 +01:00
Ingo Schommer
094db0f4ab Fixed composer install instructions
We've switched the installer to use @stable flags by default,
so those need to be explicitly removed when checking out a dev version.
2013-02-20 13:25:44 +01:00
Ingo Schommer
25af4adce2 Merge tag '3.0.5' into 3.0 2013-02-20 02:21:41 +01:00
Ingo Schommer
9ceef6be07 Added changelog 2013-02-20 00:39:00 +01:00
Sean Harvey
8a70019e78 Merge pull request #1213 from silverstripe-rebelalliance/feature/shortcodes
FIX issues with new shortcode parser
2013-02-19 14:12:28 -08:00
Hamish Friedlander
76fdb2a2d6 FIX ShortcodeParser#parse in < PHP 5.3.6 where saveHTML doesn't take arg 2013-02-20 10:57:06 +13:00
Hamish Friedlander
cbef44b8d6 FIX Make ShortcodeParser#parse passthrough not error on invalid HTML 2013-02-20 10:57:06 +13:00
Hamish Friedlander
5bbf94d2f4 FIX HTML5 parser not tracking context correctly 2013-02-20 10:57:06 +13:00
roed
9e7c622abe fixed error property $ of object is not a function
changed $ to jQuery, because without it the system would generate the following error:

Uncaught TypeError: Property '$' of object [object Window] is not a function
2013-02-19 15:48:29 +01:00
Ingo Schommer
16d0c188ee BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-19 15:48:29 +01:00
Ingo Schommer
876c660018 Merge pull request #1195 from chillu/pulls/deprecate-scheduled-tasks
API Deprecated ScheduledTask and subclasses
2013-02-19 01:01:53 -08:00
Ingo Schommer
aa0d4e6c90 Merge pull request #1202 from roed/3.1
fixed error property $ of object is not a function
2013-02-19 00:25:52 -08:00
roed
396af557df fixed error property $ of object is not a function
changed $ to jQuery, because without it the system would generate the following error:

Uncaught TypeError: Property '$' of object [object Window] is not a function
2013-02-19 09:20:29 +01:00
Sean Harvey
29de6431fd Merge pull request #1199 from drzax/patch-1
Update docs/en/installation/composer.md
2013-02-18 17:48:58 -08:00
drzax
fc0a81fef4 Update docs/en/installation/composer.md
No need to talk down to people in documentation.
2013-02-19 11:19:50 +10:00
Will Rossiter
813730b96e Merge pull request #1197 from dhensby/patch-2
Remove redundant extraClasses from FieldActions
2013-02-18 14:47:45 -08:00