Commit Graph

110 Commits

Author SHA1 Message Date
Hamish Friedlander
4b54383d68 API change request handling to be more orthogonal
RequestHandler#handleAction now exists. It takes the request, and
the action to call on itself. All calls from handleRequest to call an action
will go through this method

Controller#handleAction has had it's signature changed to
match new RequestHandler#handleAction

RequestHandler#findAction has been added, which extracts the
"match URL to rules to find action" portion of RequestHandler#handleRequest
into a separate, overrideable function

GridField#handleAction has beeen renamed to handleAlterAction and
CMSBatchActionHandler#handleAction has been renamed to handleBatchAction to
avoid name clash with new RequestHandler#handleAction

Reason for change: The exact behaviour of request handling depended heavily
on whether you inherited from RequestHandler or Controller, and whether the
rule extracted it's action directly (like "foo/$ID" => 'foo') or dynamically
(like "$Action/$ID" => "handleAction"). This cleans up behaviour so
all calls follow the same path through handleRequest and handleAction, and
the additional behaviour that Controller adds is clear.
2013-02-18 14:56:04 +13:00
Hamish Friedlander
5fd55a50f2 API Tighten up allowed_actions
allowed_actions is now only allowed to reference public methods defined
on the same Controller as the allowed_actions static, and
the wildcard "*" has been deprecated
2013-02-18 14:53:33 +13:00
Hamish Friedlander
7efae6b95f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
Ingo Schommer
f06ba70fc9 BUG Undefined $allowed_actions overrides parent definitions, stricter handling of $allowed_actions on Extension
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.

Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
2013-02-17 23:30:36 +01:00
Ingo Schommer
14a56c18e9 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	control/Director.php
2013-02-07 21:45:16 +01:00
Ingo Schommer
d77e06d585 Merge pull request #1123 from chillu/pulls/revert-content-length
API Remove Content-Length setting from HTTPResponse (fixes #8010)
2013-01-31 10:19:17 -08:00
Ingo Schommer
634c91c6ff Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	email/Mailer.php
2013-01-30 12:46:24 +01:00
Sam Minnee
d8bfc0bb48 API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself. 2013-01-29 18:03:47 +01:00
Damian Mooyman
1ca15d0399 API HTTP::urlRewriter with (string)$code deprecated in 3.1. Fixed regressions and CSS urls.
urlRewriter will expect a callable as a second parameter,
but will work with the current api and simply raise a deprecation error.

HTTP::absoluteURLs now correctly rewrites urls into absolute urls. Resolves introduced in c56a80d6ce

HTTP::absoluteURLs now handles additional cases where urls were not translated.

Test cases for HTTP::absoluteURLs added for both css and attribute links.

Cleaned up replacement expression and improved documentation.
2013-01-24 09:49:44 +01:00
Ingo Schommer
c69381c33e API Remove Content-Length setting from HTTPResponse (fixes #8010)
This reverts commit 356a367eb5.
We can't use headers_sent() to determine an accurate
content length, since PHP defaults to buffering a couple of bytes
even without ob_start() (see "output_buffering" setting).
This makes the patch harmful, since it breaks any responses relying
on more structure data, like removing closing brackets from JSON.
Which in turn breaks the CMS in horrible ways (see #8010).
See #7574 for context.
2013-01-23 15:05:33 +01:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
15a687f1e7 Merge remote-tracking branch 'origin/3.0' 2012-11-23 15:31:08 +01:00
Ingo Schommer
aa72425e84 Fixed PHPUnit assertions for incomplete tests in core
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
2012-11-23 15:16:39 +01:00
Sean Harvey
d038cd7a65 Removing deprecated tests 2012-11-15 14:43:15 +13:00
Ingo Schommer
efabde1416 Merge remote-tracking branch 'origin/3.0'
Conflicts:
	admin/css/screen.css
	admin/scss/_style.scss
	security/Member.php
2012-10-30 17:52:49 +01:00
Simon Welsh
624f427c2a Removes line longer than 120c 2012-10-29 10:22:53 +13:00
Will Rossiter
69ea73b4ed Merge pull request #777 from halkyon/field_edit3
Member_ProfileForm respect canEdit() permissions on Member
2012-10-27 20:11:46 -07:00
Ingo Schommer
56f7ce1dcf Merge remote-tracking branch 'origin/3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	control/HTTPResponse.php
	model/Database.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	view/Requirements.php
	view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
356a367eb5 BUG Setting response length directly before output (fixes #7574)
Complying to HTTP1.1/RFC2616 in terms of when to
set 'Content-Length' in the first place
2012-09-29 17:24:33 +02:00
Sam Minnee
39952f4a5c API: Added 'onBeforeHTTPError' and 'onBeforeHTTPError<code>' extension points to RequestHandler::httpError().
These APIs are primarily intended to let developers write custom 404 handlers.  They can define an onBeforeHTTPError404() method on an Extension that gets added to Controller or RequestHandler.

The SS_HTTPResponse_Exception object has also been tidied up to override the status info of any SS_HTTPResponse object that might get passed.  This is mainly to make it easier for callers (such as ContentController and ModelAsController) to use RequestHandler::httpError() more consistently.
2012-09-27 12:26:25 +12:00
Simon Welsh
1e629f4585 Merge branch '3.0'
Conflicts:
	control/Cookie.php
	control/Director.php
	dev/Profiler.php
	view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
e73d28b24e Fixing unit test to restore extensions after test 2012-09-10 14:09:40 +12:00
Ingo Schommer
1088d044c5 Merge remote-tracking branch 'origin/3.0'
Conflicts:
	.travis.yml
2012-09-07 17:21:41 +02:00
Sean Harvey
5cbd2dbeb4 BUG CMSProfileController::Member_ProfileForm() respecting canEdit() permissions on Member
CMSProfileController currently checks canView() which ensures that a logged in CMS
Member can access the profile controller, but when saving the record on Member_ProfileForm
there is no check for canEdit(), so extended permissions don't get respected.

This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests
to check permissions.
2012-09-07 11:24:47 +12:00
Damian Mooyman
9b6216d967 FIXED: Error in test case deprecation 2012-08-27 11:04:16 +12:00
Damian Mooyman
c2a8eec43c APICHANGE: Changed behaviour of HTTP_Request::params to include route table params (as per 2.4 behaviour, see FIX: below).
ADDED: HTTP_Request::params() to retrieve all (shifted) params used in the request
FIXED: Issue where route-table level arguments would not be accessible without using non-deprecated API.
ADDED: Test case to test the above items
UPDATED: Extended Director::test to allow for the retrieval of the request object
UPDATED: Deprecated notice on Director::urlParam and Director::urlParams
REMOVED: Unused variable
FIXED: Coding convention conformity
2012-08-27 10:56:59 +12:00
Simon Welsh
f1db583fb4 NEW Allow arguments to be passed to allowed_action checkers
This allows arguments to be passed along in an $allowed_actions deceleration of
the form 'action' => '->method' in the same way that arguments can be passed to
extension constructors when adding them using $extensions or
Object::add_extension.

I.e. 'action' => '->checkerMethod(false, 7, 2, "yesterday") would call the
checkerMethod method with the boolean false the numbers 7 and 2 and  the string
"yesterday" as its arguments.
2012-08-23 17:05:12 +12:00
Ingo Schommer
5a2247a440 Merge pull request #589 from simonwelsh/absolute_url
FIX Director::is_absolute_url() now ignores query string
2012-08-16 11:50:29 -07:00
Tim Klein
a67b964267 FIX: improve Director::makeRelative() to ignore SSL changes.
See http://open.silverstripe.org/ticket/6672. Expanded on initial patch with test coverage. Fixes another one of the commented out cases in the test by picking up URL's which do not include a protocol.
2012-07-01 22:08:09 +12:00
Simon Welsh
e0505406a7 FIX Director::is_absolute_url() now ignores query and fragment strings
Director::is_absolute_url() checks for //. It used to include the
entire URI, now it ignores the query and fragment strings.
2012-06-30 23:48:43 +12:00
Will Rossiter
16cb504d8e API: add $includeGetVars flag for SS_HTTPRequest() to return the URL with the attached GET parameters. 2012-06-29 22:02:30 +12:00
Ingo Schommer
417c03716c BUGFIX Avoid Session::set() clearing on existing val (fixes #7487) 2012-06-17 23:46:52 +02:00
carlos barberis
856991d644 BUGFIX: Ticket #6069 Checking of URLSegment can end in an infinite loop (when saving Page in CMS) 2012-06-15 11:27:58 +12:00
Ingo Schommer
8ecdd0b082 Merge branch 'pjax-set-fragments' of https://github.com/mateusz/sapphire into mateusz-pjax-set-fragments 2012-06-13 10:31:09 +02:00
Mateusz Uzdowski
377ac50773 ENHNANCEMENT: allow overriding of PJAX fragments included in the response. 2012-06-13 12:57:11 +12:00
Ingo Schommer
b4fb174809 MINOR Fixed PjaxResponseNegotiatorTest 2012-06-05 14:22:00 +02:00
Ingo Schommer
473eda43cb ENHANCEMENT Allowing multiple fragments to be returned by PjaxResponseNegotiator through JSON 2012-05-30 15:07:13 +02:00
Sean Harvey
f446547cd7 MINOR Using Config system instead of Director::addRules() in tests 2012-05-22 17:13:05 +12:00
Sean Harvey
91c356a0c6 MINOR Disabling offending MIME type test case on multiple operating systems. See
pull request #432 for more information.
2012-05-12 10:21:23 +12:00
Stig Lindqvist
dffae1a2e7 API CHANGE: Do not rely on a specific OS mime type detection, use PHP finfo
This also removes the $global_mimetypes that was generating weird errors when both HTTP and Mailer classes tried to modify and use it.

Support of finfo should be straightforward since PHP 5.3 includes that module that default
2012-05-11 11:34:07 +12:00
Sean Harvey
b1e17578c7 API CHANGE Removed assertType() and assertEmpty() workarounds. Use assertInstanceOf()
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.

MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
2012-05-09 23:05:39 +12:00
Ingo Schommer
d5b3dbc6fb SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Sean Harvey
f63d137d49 ENHANCEMENT Session::start() now only called when there is changed
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814 MINOR Add newline to end of files without one 2012-04-15 10:50:19 +12:00
Sam Minnee
e01b0aa3d0 ENHANCEMENT PjaxResponseNegotiator for more structured partial ajax refreshes, applied in CMS and GridField. Also fixes issues with history.pushState() and pseudo-redirects on form submissions (e.g. from page/add to page/edit/show/<new-record-id>) 2012-04-05 23:00:22 +02:00