tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-27 06:59:24 +02:00
Code Issues Projects Releases Wiki Activity
21,965 Commits 29 Branches 516 Tags 147 MiB
d94075b02c
Commit Graph

1768 Commits

Author SHA1 Message Date
Steve Boyd
75d31c2cd3 Cache glob results for _configure_database.php 2020-04-10 23:15:12 +12:00
Michal Kleiner
ab87bdc044
Fix SS_BASE_URL logic when undefined and docroot without public folder 2020-04-10 15:06:14 +12:00
Ingo Schommer
a50e15e5ee FIX Avoid VACUUM on test dbs in Postgres 
The Postgres implementation was always faulty,
but the database exception was swallowed until
See https://github.com/silverstripe/silverstripe-framework/pull/9456.

Now that the the exception is only swallowed the first time,
the second recurrence will cause failing test execution.

This is a bit of an awkward fix, but the indirection "through" DataObject doesn't allow for anything else without changing public API surface.
The logic goes from TempDatabase to DBSchemaManager, then through the closure into DataObject->requireTable(),
then back into DBSchemaManager->requireTable(). And updateschema() is subclassed in SQLite3, making it difficult to add more arguments.

VACUUM is described as:

> VACUUM reclaims storage occupied by dead tuples. In normal PostgreSQL operation, tuples that are deleted or obsoleted by an update are not physically removed from their table; they remain present until a VACUUM is done. Therefore it's necessary to do VACUUM periodically, especially on frequently-updated tables.

https://www.postgresql.org/docs/9.1/sql-vacuum.html

Since test databases are short-lived, there's no reason to delete dead tuples, they'll be garbage collected when either the transaction is rolled back, or the database is destroyed after the test run.
 2020-04-09 14:43:16 +12:00
Ingo Schommer
2c5deceeb4 FIX Filter out all FULLTEXT BOOLEAN chars 
The query might still work depending on where these chars are placed,
but it seems weird to only remove *some* of the valid chars here.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Note that the query runs both the actual boolean query with chars,
and then a separate relevance search without them.
 2020-04-09 10:32:45 +12:00
Ingo Schommer
0215fdd262 DOC Clarify sanitisation in searchEngine() under boolean mode 
This came up in https://github.com/silverstripe/silverstripe-cms/issues/1452, and wasn't fully addressed.
Either we allow boolean mode and all the constraints this brings around special character usage,
or we filter out those special characters, which makes boolean mode pointless.
You can't just pass arbitrary user input in a power-user function like this.
See https://dev.mysql.com/doc/refman/5.6/en/fulltext-boolean.html

Context: This used to work for some examples like "foo>*" under MyISAM,
presumably because it had a more lenient parser. InnoDB rightfully complains about this now.
 2020-04-09 10:32:45 +12:00
Ingo Schommer
c6b698cb02 NEW Allow InnoDB for FULLTEXT indexes 
MyISAM used to be the only one to support it, now InnoDB has caught up.
Unless an engine is set specifically in create_table_options,
this will auto-convert existing MyISAM tables to InnoDb.

Fixes #9242
 2020-04-09 10:32:45 +12:00
Ingo Schommer
052c5cbc38 BUG Infinite loops in TempDatabase (fixes #8902) 
Ugly, but so is the original implementation that this works around (swallowing an exception to trigger functionality)
 2020-04-08 13:58:02 +12:00
Robbie Averill
f77f725355
Merge pull request #9447 from mattclegg/docs__GridFieldDetailForm_ItemRequest-httpError 
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest
 2020-04-02 13:05:49 -07:00
Robbie Averill
d3b19069b3
Apply suggestions from code review 
Add double quotes around object title
 2020-04-02 12:51:13 -07:00
Dan Hensby
d1075f29b8
Remove empty parameter as per feedback 2020-04-02 12:11:35 +01:00
Dan Hensby
9e0ed0a50a
Fix spaces around concatenation operator 2020-04-02 12:09:22 +01:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4 2020-04-01 19:23:47 +01:00
Loz Calver
39fab1974a
Merge pull request #9435 from unclecheese/pulls/4.5/wha-diff 
BUGFIX: Ensure diff arrays are one-dimensional
 2020-04-01 09:16:20 +01:00
Matt Clegg
e80f1b2b83
[DOCS] Member::logInAs is not a valid example 
Member::logInAs doesn't exist as a static function.

Additionally, `logInAs` does exist as a function in SapphireTest.php, so, should this be updated to also use `Member::actAs` for consistency?
 2020-03-31 18:20:21 +05:45
mattclegg
24bc80ed35
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest 2020-03-31 12:09:16 +05:45
Daniel Hensby
1fb574a5bd
NEW: Variadic URL parameter matches for url_handlers (#9438) 
* Add wildcard URL parameter matches for url_handlers

* Extra tests for wildcard parameters

* Add a PHP warning if more params appear after wildcard param
 2020-03-25 09:16:13 +13:00
Michal Kleiner
30c3b127c1 NEW Add ClassInfo method to get all classes with a given extension applied 2020-03-24 10:48:35 +13:00
Robbie Averill
5002f514b3
FIX Capitalisation fixes in welcome back message (#9439) 2020-03-23 15:54:30 +13:00
Aaron Carlino
7ad5f1bb14 BUGFIX: Ensure diff arrays are one-dimensional 2020-03-17 15:57:28 +13:00
Robbie Averill
b6512edec8
Merge pull request #9434 from mattclegg/bugfix--silverstripe-admin--requirements 
[BUGFIX] silverstripe/admin is not required to be installed
 2020-03-16 09:48:39 -07:00
mattclegg
06dab6b539
[BUGFIX] silverstripe/admin is not required to be installed 
If the silverstripe/admin module is not installed then the javascript/css requirements fail to load
 2020-03-16 18:54:01 +05:45
Garion Herman
88660e6435
Merge pull request #9426 from creative-commoners/pulls/4.5/change-atomic-job-title 
DOC Update atomic MigrationTask description
 2020-03-16 15:19:33 +13:00
Ramon Lapenta
9c7eac481e Add "option" to list elements that belong to "listbox" 
The accessibility attribute `role="listbox"` requires its immediate children to be set as `role="option"`, currently they don't have this option and accessibility tests are failing.
 2020-03-10 11:10:04 -06:00
Steve Boyd
667495eaf9 Merge branch '4.5' into 4 2020-03-06 10:53:28 +13:00
Steve Boyd
687435a2f1 Merge branch '4.4' into 4.5 2020-03-06 10:52:22 +13:00
Steve Boyd
6d6cc65927 Update description 2020-03-06 09:57:31 +13:00
UndefinedOffset
bba0f2f72f
BUGFIX: Fixed issue where TimeField_Readonly would only show "(not set)" instead of the value 2020-02-24 09:59:00 -04:00
Maxime Rainville
affd43052a Merge branch '4.5' into 4 2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Maxime Rainville
49fda52b12
Merge pull request #94 from silverstripe-security/fix/cve-2019-19325 
CVE-2019-1935
 2020-02-17 12:54:40 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes 
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
 2020-02-17 09:58:29 +13:00
Guy Marriott
c31de772ab
Merge pull request #8838 from creative-commoners/pulls/4/slash-means-root 
Use '/' as an alternative designation for root in routing
 2020-02-14 11:29:32 -08:00
Garion Herman
29943f9049
API TestSession request methods now use the correct HTTP method (#8987) 
* API TestSession request methods now use the correct HTTP method

* DOCS Update requests section in Functional Testing to reflect API change
 2020-02-14 16:01:06 +13:00
Garion Herman
9d1d59d8d1 NEW Accept / as designation for root URL controller 2020-02-14 14:41:10 +13:00
Steve Boyd
8c7e10bd55 Merge branch '4.5' into 4 2020-02-11 16:45:35 +13:00
Steve Boyd
9d5c3ef20e Merge branch '4.4' into 4.5 2020-02-11 16:45:15 +13:00
Mojmir Fendek
285e6caafa PR fixes 2020-02-11 10:43:01 +13:00
Mojmir Fendek
448147c2f1 PR fixes 2020-02-10 09:17:34 +13:00
Mojmir Fendek
660f80d284 PR fixes 2020-02-07 13:49:19 +13:00
mnuguid
ca36a47bb1 FIX Update ORM DBField types to use Injector in scaffoldFormField() 
- This is usable in cases where a DBField is needed to be overloaded through the Injector.
 2020-02-04 21:43:47 +13:00
Mojmir Fendek
99786dda22 ORM Column now supports related table lookup 2020-01-28 15:46:30 +13:00
Mojmir Fendek
9c38c5f625 CMS action related extension points (#9340) 
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
 2020-01-27 15:09:15 +13:00
Maxime Rainville
6ff0f3f466 BUG The "Link existing" should be disabled rather than readonly. 2020-01-24 14:47:12 +13:00
Robbie Averill
4121099484 Merge branch '4.5' into 4 2020-01-16 20:00:02 -08:00
Robbie Averill
53fcd47dfc Merge branch '4.4' into 4.5 2020-01-16 19:59:42 -08:00
Robbie Averill
26e3b6f4e3 Merge branch '4.3' into 4.4 2020-01-16 19:59:24 -08:00
Mojmir Fendek
acbbf80d14 CMS action related extension points (#9340) 
* CMS action related extension points

* Refactor to use fewer extension points

* Remove explicit return type

Co-authored-by: Aaron Carlino <unclecheese@leftandmain.com>
 2020-01-15 14:24:49 +13:00
Robbie Averill
38d7bd700d
Merge pull request #9373 from manja/4.5 
Fixed issue with merging existing entities in text collector
 2020-01-14 09:27:35 -08:00
Martin D
ec6a353543 array_key_exists() on objects is deprecated 
Ref: https://wiki.php.net/rfc/deprecations_php_7_4#array_key_exists_with_objects
 2020-01-14 09:22:49 -08:00
Nemanja Karadzic
18f0829053 Fixed issue with merging existing entities in text collector 2020-01-14 14:20:40 +01:00
Garion Herman
af90d17e19
Merge pull request #9359 from open-sausages/pulls/4.4/dbhtmlvarchar-scafolding 
BUG Remove bad default when scaffolding form field for DBHTMLVarchar
 2020-01-07 09:33:25 +13:00
Maxime Rainville
31a8c16c43
Remove default row size 2020-01-07 09:13:03 +13:00
Loz Calver
a42249b6fc Minor performance improvement in DatabaseAdapterRegistry::autoconfigure() 2019-12-19 14:39:46 +00:00
Serge Latyntcev
eaf6bca706 Merge branch '4.5' into 4 2019-12-19 11:26:38 +13:00
Maxime Rainville
8d69cf9f75 BUG Remove bad default when scaffolding form field for DBHTMLVarchar 2019-12-18 17:32:02 +13:00
Andre Kiste
6650d81324 BUG Fix extra blank Group being created when creating a new Group (#9325) 
* Fix extra blank Group being created when creating a new Group

* Update tests to reflect expected behavior

* Improved tests
 2019-11-27 09:32:33 +13:00
shoosah
2724d93111 Allow to add error message into a specific field 2019-11-22 11:03:27 +13:00
Loz Calver
453945da14 FIX: Session::restart() didn't correctly restart session (fixes #9259) 2019-11-20 14:21:30 +00:00
Serge Latyntcev
f67e15b8ee Merge branch '4.5' into 4 2019-11-20 11:12:49 +13:00
Serge Latyntcev
91e4aa90f1 Merge branch '4.4' into 4.5 2019-11-20 11:09:23 +13:00
Serge Latyntcev
8219491705 Merge branch '4.3' into 4.4 2019-11-20 11:08:35 +13:00
Robbie Averill
77ccadd663
Merge pull request #9300 from LABCAT/patch-1 
Improvement to docs for send_file function
 2019-11-14 09:08:16 -08:00
Serge Latyntcev
559f660e0e Merge branch '4.4' into 4 2019-11-13 15:40:34 +13:00
Mojmir Fendek
e2bea6b41f API Add withConfig method (#9011) 
* With config functionality added.
* Update docs/en/02_Developer_Guides/04_Configuration/00_Configuration.md
 2019-10-31 16:12:04 +13:00
Michal Kleiner
4f614423ad Ensure Requirements_Backend respects explicit false for async/defer 2019-10-30 09:59:57 +13:00
Damian Mooyman
e76601e5c8
BUG FormAction title property cannot be set if useButtonTag is false 2019-10-29 17:21:45 +13:00
LABCAT
501d9a1480
Update HTTPRequest.php 2019-10-23 22:52:53 +13:00
LABCAT
630c6c0514
Update src/Control/HTTPRequest.php 
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
 2019-10-23 21:05:22 +13:00
Garion Herman
17f4cc6e30
Merge pull request #9281 from creative-commoners/pulls/4/textfield-tip-ui 
NEW: Add support for Tip UI in TextField
 2019-10-23 16:50:43 +13:00
Garion Herman
bed3f2b3c6 NEW Add type declarations to Tip API, add TippableFieldInterface 2019-10-23 10:46:22 +13:00
Garion Herman
195417b061 NEW Extract Tip from TextField, add test coverage 2019-10-22 17:04:58 +13:00
LABCAT
d3a17958ef
Update src/Control/HTTPRequest.php 
Co-Authored-By: Robbie Averill <robbie@averill.co.nz>
 2019-10-22 16:17:04 +13:00
LABCAT
67c944c962
Improvement to docs for send_file function 2019-10-22 15:18:03 +13:00
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth 
DOCS Clarify BasicAuth limitations
 2019-10-22 14:01:51 +13:00
Maxime Rainville
e59625fe5a
NEW Add ability to define image size preset for the TinyMCE editor. (#9276) 
* NEW Add ability to define image size preset for the TinyMCE editor.
* DOC Explain how to define image size pre-sets
 2019-10-22 11:50:28 +13:00
Serge Latyntcev
33a28394d6 Merge branch '4.4' into 4 2019-10-18 15:59:28 +13:00
Serge Latyntcev
0cf5d4cbe2 Merge branch '4.3' into 4.4 2019-10-18 15:58:13 +13:00
Serge Latyntcev
46b9530d88 PSR2 linting fixes 2019-10-18 15:31:39 +13:00
Serge Latyntcev
7873efde9c Merge branch '4.4' into 4 2019-10-18 10:58:19 +13:00
Serge Latyntcev
dcbe6d0310 Merge branch '4.3' into 4.4 2019-10-18 10:57:35 +13:00
Garion Herman
efc7ba9520 NEW Tweak TextField Tip API to match changes to component 2019-10-11 15:04:56 +13:00
Ingo Schommer
8dcda91538 DOCS Clarify BasicAuth limitations 2019-10-10 10:41:39 +13:00
Garion Herman
a44bc5bcf3 NEW Add support for Tip UI in TextField 
See TextField documentation in silverstripe/admin Pattern Library
 2019-10-09 16:26:06 +13:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner 2019-10-04 13:26:31 +13:00
Damian Mooyman
f1594fd991 BUG Ensure that canCreate() context matches that respected by GridFieldAddNewButton 2019-10-04 11:24:34 +13:00
Robbie Averill
1265f09f4f
Merge pull request #9271 from michalkleiner/pulls/4/check-array-props-in-custom-methods 
FIX Check array keys existence when removing methods in CustomMethods
 2019-10-03 14:30:22 -07:00
Serge Latyntcev
7db524bd90 FIX DebugViewFrendlyErrorFormatter handle of admin_email 2019-10-04 10:26:54 +13:00
Robbie Averill
e49cec3a00
Merge pull request #9247 from jakxnz/pulls/4/record-login-attempt-outputs 
ENHANCEMENT: MemberAuthenticator::recordLoginAttempt() outputs
 2019-10-03 10:46:34 -07:00
Dylan Wagstaff
047ac060c4
Merge pull request #9265 from emteknetnz/feature/noopener 
Add noopener attribute to links with a target
 2019-10-03 14:42:50 +13:00
Steve Boyd
887f198b07 Add rel attribute to link elements with a target attribute 2019-10-03 14:03:12 +13:00
Damian Mooyman
58c080db5a FEATURE Option placeholder for upload folder id (#9262) 
* FEATURE Option placeholder for upload folder id

* ENHANCEMENT Add setFolderName() to TinyMCEConfig

* Typehint return type

* Add type to param
 2019-09-30 10:50:55 +13:00
Michal Kleiner
1a2dbfd3a5
Update conditional logic when checking array keys before removing methods in CustomMethods 2019-09-30 10:17:59 +13:00
Michal Kleiner
52a039f631 Check array keys existence prior to their usage when removing methods in CustomMethods 2019-09-27 14:57:15 +12:00
JorisDebonnet
349589b23b
Clarify that $title in FormField can accept ViewableData 
When constructing a FormField, an IDE would previously tell you the `$title` needs to be string (or null). Let's make it more clear that a ViewableData instance (such as `HTMLValue::create($title)`) is also accepted. This should help people more quickly find a solution to put html in labels.
 2019-09-26 02:39:39 +02:00
Sam Minnée
af6644f762
Merge pull request #9240 from chrometoasters/pulls/db-readonly-transactions-support 
NEW Introduce supported database transaction mode check
 2019-09-25 10:02:53 +12:00
Serge Latyntcev
88fde6e7c3 Merge branch '4.4' into 4 2019-09-24 17:29:06 +12:00
Serge Latyntcev
50a1aa4c4d Merge branch '4.3' into 4.4 2019-09-24 17:28:31 +12:00
Aaron Carlino
b002ef1171 Merge branch '4.4' into 4 2019-09-24 17:26:50 +12:00
Serge Latyntcev
8b7063a8e2 [CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution 2019-09-24 16:03:48 +12:00
Serge Latyntcev
eccfa9b10d [CVE-2019-12203] Session fixation in "change password" form 
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
 2019-09-24 16:03:48 +12:00