Commit Graph

754 Commits

Author SHA1 Message Date
Damian Mooyman
b4910e133c Merge pull request #7412 from open-sausages/pulls/4.0/fun-times-in-thumbnails
Enhancement add notice for MigrateFileTask if FileMigrationHelper doesn't exist
2017-10-02 16:59:40 +13:00
Damian Mooyman
17718e3854 Merge pull request #7415 from open-sausages/pulls/4.0/no-cache-in-my-home
Fix typos in FilesystemCacheFactory
2017-10-02 16:53:52 +13:00
Chris Joe
b219e40ff7 Merge pull request #7414 from open-sausages/pulls/4.0/basic-auth-var
BUG Restore SS_USE_BASIC_AUTH env var
2017-10-02 15:11:19 +13:00
Christopher Joe
26f7f0482c Fix typos in FilesystemCacheFactory 2017-10-02 15:10:44 +13:00
Christopher Joe
36397c787c Enhancement add notice for MigrateFileTask if FileMigrationHelper doesn't exist
Enhancement add call to image thumbnail helper to generate thumbnails
2017-10-02 14:54:31 +13:00
Chris Joe
fe98555d0a Merge pull request #7413 from open-sausages/pulls/4.0/member-i18n-speed
ENHANCEMENT Use less expensive i18n defaults in Member::populateDefaulateDefaults()
2017-10-02 13:03:44 +13:00
Chris Joe
ccc24764c4 Merge pull request #7411 from open-sausages/pulls/4.0/superfluous-date-props
Remove superfluous datefield props
2017-10-02 10:24:30 +13:00
Damian Mooyman
e2750c03fc
BUG Restore SS_USE_BASIC_AUTH env var
Fixes #7268
2017-09-29 16:56:56 +13:00
Damian Mooyman
f4b1417612
ENHANCEMENT Use less expensive i18n defaults in Member::populateDefaults()
Fixes #7381
2017-09-29 16:40:17 +13:00
Damian Mooyman
fa57deeba4
ENHANCEMENT Allow vendor modules with url rewriting
API Introduce ModuleResource feature
2017-09-29 10:28:38 +13:00
Damian Mooyman
3011650b5a
Remove superfluous datefield props
Fixes #7397
2017-09-29 10:25:22 +13:00
Damian Mooyman
f574f6d1b2
Reset test state for modified config options 2017-09-28 17:24:32 +13:00
Christopher Joe
90d0361a6c Enhancement update set_themes to not update config 2017-09-28 16:47:13 +13:00
Christopher Joe
7e92b053f4 Enhancement Add setter and getter for certain classes, so that LeftAndMain no longer updates config during init 2017-09-28 16:47:13 +13:00
Damian Mooyman
da27948777 Merge pull request #7373 from dhensby/pulls/4/rate-limit-security
NEW RateLimiter for Security controller
2017-09-28 11:01:37 +13:00
Damian Mooyman
e4fd9b4ff7
Code style fixes 2017-09-28 09:54:29 +13:00
Daniel Hensby
5f739c111e
added ratelimiter tests 2017-09-27 16:42:04 +01:00
Daniel Hensby
51ac297c59
Fixes to ratelimiter and new features 2017-09-27 14:44:38 +01:00
Andrew O'Neil
c7cbbb29f4 Fix links on paginated lists when there are GET vars
Prior to this change, if there were already GET vars on a page
with a PaginatedList, the links would include a mix of '&' and '&'.
2017-09-27 15:41:08 +10:00
Daniel Hensby
28552155c3
NEW Add actWithPermission to SapphireTest for shortcut to perform actions with specific permissions 2017-09-26 13:39:31 +01:00
Robbie Averill
33ae463e5b FIX Class name in _t() call in installer and run text collector 2017-09-26 14:57:16 +13:00
Mike Cochrane
b8e5a2ce32 FIX readonly PermissionCheckboxSetField
A readonly PermissionCheckboxSetField (eg in Security when viewing a member without permission to edit it) can result in calling "getRecord()" on null.  Add is_object check, consistent with line 98.
2017-09-25 15:25:10 +13:00
Loz Calver
1dd0c04891 Tidy up + document SSViewer classes 2017-09-21 17:03:21 +01:00
Damian Mooyman
f1a12e15be
BUG Fix sub-template lookup for includes 2017-09-20 18:04:01 +12:00
Chris Joe
c939737e5c Merge pull request #7386 from open-sausages/pulls/4.0/class-case-fixing
ENHANCEMENT Don't force all class names to lowercase
2017-09-20 16:46:49 +12:00
Damian Mooyman
261302a121
ENHANCEMENT Don't force all class names to lowercase
Speeds up autoloading because composer psr-4 works properly now
2017-09-20 15:14:55 +12:00
Christopher Joe
265f91060c Fix phpcs error 2017-09-20 12:42:45 +12:00
Damian Mooyman
09b3a24f30
BUG Detect, warn, and fix invalid SS_BASE_URL
Fixes #7362
2017-09-20 10:42:13 +12:00
Loz Calver
7431122b58
Make auto login token expiry configurable (closes #7278) 2017-09-18 14:06:13 +01:00
Daniel Hensby
04b1bb816e
NEW RateLimiter for Security controller 2017-09-14 14:23:36 +01:00
Damian Mooyman
7b3286d512 Merge pull request #7374 from dhensby/pulls/4/ci-http-headers
FIX HTTP Headers are case insensitive
2017-09-14 09:52:26 +12:00
Daniel Hensby
9198313658
FIX HTTP Headers are case insensitive 2017-09-13 16:02:12 +01:00
Chris Joe
c3f7165023 Merge pull request #7371 from open-sausages/pulls/4.0/fix-gridfield-print
BUG Fix gridfield print styles
2017-09-13 15:58:05 +12:00
Damian Mooyman
d05d22abc2 Merge pull request #7343 from creative-commoners/pulls/4.0/add-extra-class
NEW Allow GridFieldEditButton to have configurable HTML classes. Change edit icon.
2017-09-13 15:39:38 +12:00
Sacha Judd
c707fccf69 NEW Allow GridFieldEditButton to have configurable HTML classes. Change edit icon. 2017-09-13 13:11:17 +12:00
Damian Mooyman
f8ef97c167
BUG Fix import modal
Fixes https://github.com/silverstripe/silverstripe-admin/issues/251
2017-09-13 12:52:20 +12:00
Damian Mooyman
1892a02076
BUG Fix gridfield print styles 2017-09-13 11:48:42 +12:00
Andrew Aitken-Fincham
6613826ed8 FIX SSViewer::add_themes() to properly prepend 2017-09-12 13:34:56 +01:00
Damian Mooyman
905c4e04d5
BUG Incorrect path for requirements file 2017-09-12 10:36:48 +01:00
Bernard Hamlin
fa86f42ab9
BEM class names for filter-buttons 2017-09-12 10:16:03 +12:00
Damian Mooyman
22e991ef90 Merge pull request #7344 from creative-commoners/pulls/4.0/email-assertion-return
DOCS Update doc block for TestMailer::findEmail to reflect the new key names
2017-09-08 13:08:03 +12:00
Chris Joe
d1df61a19b Merge pull request #7332 from open-sausages/pulls/4.0/installer-env-cleanup
Ensure installer.php works nicely with .env files
2017-09-07 09:47:56 +12:00
Robbie Averill
a4aa59bfdc DOCS Update doc block for TestMailer::findEmail to reflect the new key names 2017-09-06 16:10:55 +12:00
Damian Mooyman
806ffb934e
BUG Ensure installer.php works nicely with .env files
Unenjoyable cleanup of internal logic
2017-09-06 13:52:51 +12:00
Damian Mooyman
40678d5897 Merge pull request #7342 from open-sausages/pulls/4.0/disable-me-a-plus
Fix permission check for admin role
2017-09-06 11:38:01 +12:00
Christopher Joe
25380eb454 Fix permission check for admin role 2017-09-06 10:21:01 +12:00
Chris Joe
1f5644d143 Merge pull request #7340 from open-sausages/pulls/4.0/toolbar-button-margin
Fix toolbar button margin and spacing
2017-09-05 16:07:32 +12:00
Saophalkun Ponlu
2f7f4e73d9 Fix toolbar button margin and spacing 2017-09-05 15:08:05 +12:00
Damian Mooyman
8425533487 Merge pull request #7336 from open-sausages/pulls/4.0/the-uncontained-popover-was-powerful
Fix add schema to the "auto" parts request
2017-09-05 14:01:12 +12:00
Damian Mooyman
4c84f22b2e Merge pull request #7325 from xini/patch-3
use html5 mark tag to highlight search parameter
2017-09-05 13:38:42 +12:00
Christopher Joe
afda58c515 Fix add schema to the "auto" parts request 2017-09-05 13:12:51 +12:00
Florian Thoma
d1f7e6959f update tests and doc 2017-09-05 09:42:08 +10:00
Robbie Averill
f8372ef6dc MINOR Add default value to ArrayData constructor 2017-09-05 09:42:52 +12:00
Daniel Hensby
16416fe15b Merge pull request #7334 from open-sausages/pulls/4.0/destroyed-cleanup
Remove redundant gc_collect_cycles()
2017-09-04 15:03:09 +01:00
Christopher Joe
120c772966 Add TreeDropdownField from React to Entwine 2017-09-04 12:15:41 +12:00
Saophalkun Ponlu
08fa3d6e3d
Enable TinyMCE list buttons 2017-09-04 09:30:07 +12:00
Damian Mooyman
45998444d7
Remove redundant gc_collect_cycles()
Cleanup dead references to DataObject::$destroyed
Fixes #7326
2017-09-04 09:23:07 +12:00
Florian Thoma
0d15cb02cd use html5 mark tag to highlight search parameter 2017-08-30 12:05:11 +10:00
Chris Joe
76f2358f3b Merge pull request #7324 from open-sausages/pulls/4/env-type-docs
DOCS Corrected env type docs (fixes #7290)
2017-08-30 11:44:55 +12:00
Ingo Schommer
64af679c35 DOCS Corrected env type docs (fixes #7290) 2017-08-30 08:35:41 +12:00
Damian Mooyman
98c10b089c
ENHANCEMENT Allow <% include %> to fallback outside of the Includes folder
Fixes #7108
2017-08-29 16:15:46 +12:00
Christopher Joe
e4b506cbe7
Fix add combinedFiles to clear logic 2017-08-29 13:52:14 +12:00
Sam Minnee
8c15e451c6 FIX: Removed unnecessary database_is_ready call.
This shaves about 45ms from every request (PHP 7.1 on a 2013 rMBP), 
cutting down execution time of a “hello world” controller by about 33%.

database_is_ready is still used in dev/build and ?flush=1 to stop people
from people bypassing security by DOSing the database or otherwise
forcing a DatabaseException
2017-08-25 13:06:12 +12:00
Damian Mooyman
d52e972453 Merge pull request #7308 from creative-commoners/pulls/4.0/fix-alternative-db-name-when-session-not-started
FIX Do not try and access sessions when they are not ready
2017-08-24 16:07:52 +12:00
Robbie Averill
5a9131a116 FIX Do not try and access sessions when they are not ready 2017-08-24 14:43:27 +12:00
Robbie Averill
c4ff9df1b0 FIX Use correct bootstrap class or GridFieldDetailForm delete button 2017-08-24 14:34:06 +12:00
Chris Joe
deec9b411b Merge pull request #7300 from open-sausages/pulls/4.0/flush-live-backurl
BUG Capture errors after a reload token redirect to login url
2017-08-24 14:00:33 +12:00
Damian Mooyman
d5b3280498 Merge pull request #7302 from robbieaverill/pulls/4.0/has-class-returns-bool
API Make FormField::hasClass return a boolean instead of an int
2017-08-24 13:19:30 +12:00
Damian Mooyman
80cf096a6e
BUG Prioritise SS_BASE_URL over flakey SCRIPT_FILENAME check 2017-08-24 12:58:04 +12:00
Damian Mooyman
47fced8880
BUG Capture errors after a reload token redirect to login url
Fixes #7289
2017-08-24 12:55:04 +12:00
Chris Joe
8edf070a13 Merge pull request #7303 from open-sausages/pulls/4.0/constant-logging
BUG Fix BASE_URL for CLI
2017-08-24 11:56:10 +12:00
Loz Calver
ecc619248b Merge pull request #7298 from robbieaverill/pulls/4.0/replace-stat-usage
Replace use of Configurable stat() with config()->get(), will be deprecated in future
2017-08-23 10:12:40 +01:00
Robbie Averill
595ba75a50 API Make FormField::hasClass return a boolean instead of an int 2017-08-23 16:23:28 +12:00
Damian Mooyman
1b087221d2
BUG Fix BASE_URL on CLI
Fixes #7256
2017-08-23 14:48:46 +12:00
Damian Mooyman
2c34af72e1
ENHANCEMENT Log user constants during CI for debugging improvements 2017-08-23 14:23:33 +12:00
Damian Mooyman
14761a9246
Remove mcrypt
Use session for alternativeDatabaseName instead
Fixes #7280
2017-08-23 12:13:32 +12:00
Robbie Averill
8ebc13ae4e Replace use of Configurable stat() with config()->get(), will be deprecated in future 2017-08-23 09:42:10 +12:00
Damian Mooyman
9b4d689bb2 Lazy-load custom methods and extensions on CustomMethods and Extensible traits
No longer need constructExtensions()
2017-08-22 15:47:24 +12:00
Damian Mooyman
fc2a603915 BUG Don’t construct extension_instances on objects that never use them 2017-08-22 15:47:24 +12:00
Damian Mooyman
90ba24733d Reduce unnecessary calls to Extension and DataExtension configs 2017-08-22 15:47:24 +12:00
Damian Mooyman
598a2c91e3 Reduce calls to i18n.default_config 2017-08-22 15:47:24 +12:00
Damian Mooyman
179a9fca28 Merge pull request #7292 from sminnee/injector-dependency-speedup
FIX: Prevent repeated lookup of obj.dependencies by Injector
2017-08-22 14:30:35 +12:00
Sam Minnee
c50cd34df6 FIX: Prevent repeated lookup of obj.dependencies by Injector
This unnecessary repeated call to Injector slows down the construction
of frequently instantiated classes.

On admin/pages, this reduced execution from 1.67s to 1.56s, and it
reduced the impact of having an extension added to DBField by 33%
(from 100ms to 67ms)
2017-08-22 12:12:32 +12:00
Christopher Joe
249c7048d9 Fix trim accept header parts 2017-08-21 15:31:13 +12:00
Chris Joe
c8d8adfefe Merge pull request #7287 from open-sausages/pulls/4.0/fix-multi-configs
BUG Fix issue with multiple editors breaking plugins
2017-08-21 10:58:27 +12:00
Daniel Hensby
304889ff2f Merge pull request #7281 from sminnee/test-php72
NEW: Test on php 7.2
2017-08-18 21:22:10 +01:00
Damian Mooyman
ce5e15df6e BUG Fix issue with multiple editors breaking plugins 2017-08-18 16:33:16 +12:00
Daniel Hensby
33c2c7bfe7
Merge branch '3' into 4 2017-08-17 15:06:00 +01:00
Christopher Joe
9dc11eff43 Enhancement Add a path option for the schema data, so a full tree is not required for this data 2017-08-17 16:08:27 +12:00
Damian Mooyman
bbded44056 Upgrade bootstrap class names 2017-08-16 10:50:09 +12:00
Sam Minnee
0926b04512 FIX: Fix latent bug in DataObject
This didn’t show up until we ran tests on PHP 7.3-dev
2017-08-15 11:13:57 +12:00
Daniel Hensby
c0211927aa
Merge branch '3' into 4 2017-08-14 21:18:03 +01:00
Damian Mooyman
323644c7bb
API Implement cascade_deletes 2017-08-09 15:14:00 +12:00
Robbie Averill
5d5fac7450 FIX Throw exception when "value" is used to define indexes. Update docs. 2017-08-09 09:17:28 +12:00
Damian Mooyman
0681567102 BUG Fix flushing on live mode (#7241)
* BUG Fix flushing on live mode
Fixes #7217

* Clarify injector service documentation
2017-08-07 13:53:23 +12:00
Damian Mooyman
f7bebdd8f8
BUG Fix install issue with IIS
Fixes #7218
2017-08-07 10:15:40 +12:00
Chris Joe
6ebc333e00 Merge pull request #7238 from open-sausages/pulls/4.0/flush-tinymce-cache
ENHANCEMENT Ensure flush destroys temp tinymce files
2017-08-03 19:13:54 +12:00
Damian Mooyman
b6a8e45888
BUG Ensure mocked controller has request assigned
Fixes #7237
2017-08-03 15:52:31 +12:00
Damian Mooyman
06efd2ac12
ENHANCEMENT Ensure flush destroys temp tinymce files 2017-08-03 13:21:48 +12:00
Chris Joe
34ca944bd6 Merge pull request #7235 from open-sausages/pulls/4.0/update-installer
Update installer path to match recipe
2017-08-03 10:58:58 +12:00
Damian Mooyman
e64acef53a BUG Fix invalid i18n yaml 2017-08-03 10:13:09 +12:00
Damian Mooyman
24ab3abbea
Update installer path to match recipe 2017-08-03 10:02:55 +12:00
Damian Mooyman
8418011456
Fix linting issues 2017-08-02 14:08:59 +12:00
Robbie Averill
e307f067ed FIX Replace deprecated %s placeholders in translations with named placeholders
* Remove the use of sprintf and %s placeholders in the i18n tests
2017-08-02 13:03:55 +12:00
Damian Mooyman
ae97c15e42
ENHANCEMENT Soft-code CSS explicit height and compute against rows 2017-08-01 15:46:49 +12:00
Damian Mooyman
078a508d71 API Replace legacy tiny_mce_gzip compressor with asset generator
Fixes https://github.com/silverstripe/silverstripe-admin/issues/74
2017-08-01 13:43:30 +12:00
vagrant
f02949fc09 Initially set a default height for the html editor to 350px 2017-07-31 16:49:48 +12:00
Damian Mooyman
9392380dd1 Merge pull request #7225 from silverstripe/pulls/4.0/injector-extension-setters
Use ClassInfo::hasMethod instead of method_exists()
2017-07-31 10:23:10 +12:00
Damian Mooyman
90f6710020 Merge pull request #7219 from silverstripe/pulls/4.0/dbcomposite-properties
BUGFIX: DBComposite doesn't allow arbitrary property assignment
2017-07-31 10:11:58 +12:00
Aaron Carlino
c9cf7b1d75 Use ClassInfo::hasMethod instead of method_exists()
This allows for setters to exist in extension instances.
2017-07-30 22:43:28 +12:00
Aaron Carlino
9903104fb8 Use parent::setField() 2017-07-30 22:39:42 +12:00
Daniel Hensby
1a4211f089 Merge pull request #7222 from kinglozzer/showqueries-pdo
FIX: ?showqueries=inline failed on PDO databases (fixes #7199)
2017-07-28 10:23:57 +01:00
Loz Calver
980d6b7ef7 FIX: ?showqueries=inline failed on PDO databases (fixes #7199) 2017-07-28 09:33:26 +01:00
Aaron Carlino
3ef9ca69d1 BUGFIX: DBComposite doesn't allow arbitrary property assignment
To be more consistent with `ViewableData`, whose `setField()` method will fallback on [assigning properties arbitrarily](https://github.com/silverstripe/silverstripe-framework/blob/4/src/View/ViewableData.php#L213), `DBComposite` shouldn't bail out of `setField` when the field specified isn't in the record.

Arbitrary property assignment is particularly important in injection.

```yaml
SilverStripe\ORM\FieldType\DBComposite:
  dependencies:
    myService: %$Service
```

Right now, that fails, because `$obj->myService = Service` invokes `__set()` which calls `setField()` which refuses the assignment when `myService`is not in the record.
2017-07-27 17:25:29 +12:00
Damian Mooyman
697798b464 Merge pull request #7206 from open-sausages/pulls/4.0/select-them-all-again
Enhancement add support for TreeMultiselectField in react
2017-07-27 13:41:18 +12:00
Damian Mooyman
7f6974e309
Update PHPDoc 2017-07-27 12:08:42 +12:00
Aaron Carlino
74873096bd New getSummary() API for SearchContext 2017-07-27 11:56:37 +12:00
martimiz
b726d64d1d
Fix SearchEngine to use quoted table names
If quotes are omitted, SQLExpression::sql() cannot replace table names
with the proper table for the current Stage.
2017-07-26 13:42:41 +01:00
Damian Mooyman
9bff74bd61
Clean up all fluent property accessors 2017-07-26 18:14:27 +12:00
Christopher Joe
78d4d0d5dd Enhancement add support for TreeMultiselectField in react 2017-07-26 18:14:08 +12:00
Daniel Hensby
884f53e0f2
Merge branch '3' into 4 2017-07-25 16:17:44 +01:00
Damian Mooyman
2c500c79c3 Merge pull request #7201 from kinglozzer/build-perf
Ensure ClassManifest isn't flushed twice on build
2017-07-25 09:51:00 +12:00
Daniel Hensby
6aeab571db Merge pull request #7195 from open-sausages/pulls/4.0/missing-unnested-from
BUG Fix unassigned nestedFrom
2017-07-24 17:07:07 +01:00
Loz Calver
ad2e1cf552 Ensure ClassManifest isn't flushed twice on build 2017-07-24 09:36:03 +01:00
Robbie Averill
392cda15f6 NEW Add updateRules extension point to Director::handleRequest 2017-07-23 22:10:46 +12:00
Chris Joe
6a3c51e072 Merge pull request #7036 from fullscreeninteractive/wilr-patch-1
Fix ImportButton not opening the modal
2017-07-21 14:10:31 +12:00
Damian Mooyman
6fd6a38949
BUG Fix unassigned nestedFrom
Fixes #7194
2017-07-21 08:58:19 +12:00
Damian Mooyman
e77c7fe04c Merge pull request #7188 from dhensby/pulls/4/fix-full-text-search-table-option
FIX FulltextSearchable  DB engine not set correctly
2017-07-20 12:27:30 +12:00
Loz Calver
c41c0a957b Merge pull request #7163 from sachajudd/pulls/4.0/debugview-info-color
NEW add web accessible colours to web view dev/build
2017-07-19 15:01:36 +01:00
Daniel Hensby
8aeec92087
FIX FulltextSearchable DB engine not set correctly 2017-07-19 12:28:15 +01:00
Daniel Hensby
d7095c2213
Merge branch '3' into 4 2017-07-18 14:19:16 +01:00
Daniel Hensby
d59e2dbe5b Merge pull request #7183 from robbieaverill/pulls/4.0/fix-log-in-as-someone-else
FIX Log in as someone else returns user back to login screen
2017-07-18 11:54:33 +01:00
Sacha Judd
f367a0aa62 NEW add web accessible colours to web view dev/build 2017-07-18 22:00:35 +12:00
Robbie Averill
ba9ad55274 FIX Base URL defaults to a slash in currentURL if not defined already 2017-07-18 21:56:21 +12:00
Robbie Averill
a5ca4ecb59 FIX Log in as someone else returns user back to login screen 2017-07-18 17:15:58 +12:00
Damian Mooyman
ed0ed89865 Merge pull request #7055 from robbieaverill/pulls/4.0/polymorphic-has-one-indexes
NEW Ensure polymorphic has_one fields are indexed
2017-07-18 16:39:45 +12:00
Robbie Averill
fb18e441a7 DBIndexable::getIndexSpecs is responsible for returning a DBFields full indexable spec 2017-07-18 15:03:56 +12:00
Saophalkun Ponlu
c2841b6d64 Enhancement Remove "Remove link" button from the editor's main toolbar
Fix behat for selecting link should focus on field
2017-07-18 13:11:27 +12:00
Damian Mooyman
de7b746094 Merge pull request #7180 from robbieaverill/pulls/4.0/remove-config-update-use
Use merge and set instead of update for config calls
2017-07-18 09:16:20 +12:00
Daniel Hensby
be7b2d4970 Merge pull request #7179 from robbieaverill/pulls/4.0/is-cli-for-phpdbg
FIX Ensure phpdbg calls are registered by SilverStripe core as a CLI call
2017-07-17 14:26:39 +01:00
Robbie Averill
da4e46e4de FIX Use merge and set instead of update for config calls 2017-07-17 17:59:40 +12:00
Robbie Averill
ea4181166f FIX Ensure phpdbg calls are registered by SilverStripe core as a CLI call 2017-07-17 16:56:01 +12:00
Robbie Averill
bd5782adca NEW Allow index type to be configured per DBField instance 2017-07-17 14:36:47 +12:00
Robbie Averill
c9c4390619 NEW Ensure polymorphic has_one fields are indexed
* Add tests for config based indexing on composite DBFields
* Allow fields to have "indexed" option passed via field spec
2017-07-17 14:36:29 +12:00
Robbie Averill
1a38feff22 FIX Version provider uses early bound config getter, move LeftAndMain config to admin module 2017-07-16 16:49:10 +12:00
Daniel Hensby
7fd316d405
Merge branch 3 into 4 2017-07-15 13:20:37 +01:00
Daniel Hensby
be0e16d648 Merge pull request #7170 from robbieaverill/pulls/4.0/ignore-exceptions-on-killing-testdb
FIX Ignore exceptions thrown when deleting test databases
2017-07-14 14:53:51 +01:00
Loz Calver
aafd2a573d Update Convert::memstring2bytes() logic 2017-07-14 09:16:05 +01:00
Damian Mooyman
3a7f9e8eb5 Merge pull request #7167 from open-sausages/pulls/4.0/tree-search-in-forest
API TreeDropdown tree parameter
2017-07-14 16:23:30 +12:00
Simon Erkelens
3e97b99e22 [BUG] Fix issues with multiple authenticators for a single task (#7149)
Using multiple 2FA authenticators, logging out, resetting password etc. proved to be handled wrong.
Example scenario:
The result is an error, because the `renderWrappedController` was called, despite the responses being a set of either array with Content or Form, or a redirect action.

The default action should be followed and not try to render if there is nothing to render

Because the logout (or changepassword, or resetpassword, etc.) has already been handled, the first response is the default authenticator's response. This _could_ be a form (in case of logout without valid token), a content set (reset password) or a form (change password).

This edge case only happens when there are multiple authenticators supporting the requested method that is _not_ login.
2017-07-14 09:20:58 +12:00
Robbie Averill
b16896f22b FIX Ignore exceptions thrown when deleting test databases
This will prevent long runnings builds (e.g. code coverage) from failing when the test database connection is gone (MySQL server has gone away) by the time the shutdown handler runs.
2017-07-13 23:33:51 +12:00
Robbie Averill
823e49526f NEW Allow SSViewer and SSViewer_FromString to be injectable 2017-07-13 20:48:58 +12:00
Christopher Joe
ccda816f90 API added flatList argument for generating the json tree list with a context string property 2017-07-13 17:04:35 +12:00
Damian Mooyman
5fcd7d084f
BUG Fix registered shutdown function not handling responsibility for outputting redirection response 2017-07-13 15:32:39 +12:00
Aaron Carlino
2b266276c2 API Implement new module sorting pattern 2017-07-13 10:27:27 +12:00
Daniel Hensby
b2831b809c Merge pull request #7133 from kinglozzer/cache-classname
Cache ClassInfo::class_name() calls
2017-07-10 13:23:45 +01:00
Damian Mooyman
85359ad59e
BUG Ensure that installer can create an initial admin account
Fixes #7124
2017-07-06 13:30:04 +12:00
Loz Calver
e3e16fe835 Cache ClassInfo::class_name() calls 2017-07-05 15:15:08 +01:00
Daniel Hensby
aafa054cf7 Merge pull request #7129 from mfendeksilverstripe/master
Limited nodes with too many children are no longer accessible
2017-07-05 12:37:26 +01:00
Daniel Hensby
2c5e237a93
Merge pull request #7103 from dnadesign/fix-numericfield-null 2017-07-05 11:45:45 +01:00
Daniel Hensby
2f551c91d7 Merge pull request #6922 from kinglozzer/debugview-styles
Update DebugView styles
2017-07-05 11:35:04 +01:00
Loz Calver
713b01ebc7 Update DebugView styles 2017-07-05 09:14:26 +01:00
Aaron Carlino
c836a2e2d2 BUGFIX: Module resource regex does not allow ports 2017-07-05 13:26:30 +12:00
Mojmir Fendek
3f2d217a45 Limited nodes that have more children than allowed limit are no longer accessible to the user. 2017-07-05 11:34:24 +12:00
John Milmine
f14e6bae2c fix numeric field for null values 2017-07-05 07:35:13 +12:00
Daniel Hensby
64005bff91 Merge pull request #6440 from open-sausages/pulls/4.0/json-detection
ENHANCEMENT: Debug class emits plain text for application/json requests
2017-07-04 13:42:42 +01:00
Damian Mooyman
ed26b251c8
ENHANCEMENT: Better output type detection for debugging 2017-07-04 17:33:49 +12:00
Damian Mooyman
4b23205838
Fix unnamespaced i18n keys
Fixes https://github.com/silverstripe/silverstripe-framework/issues/6862
2017-07-04 14:18:47 +12:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
Damian Mooyman
92903d883e Allow editor themes to fall back safely 2017-07-03 10:38:50 +12:00
Aaron Carlino
cddaaf1444 Update TinyMCEConfig to use theme CSS 2017-07-03 10:38:50 +12:00
Daniel Hensby
c69a565b08 Merge pull request #7046 from andrewandante/FEAT/add_inGroup_to_Group
add inGroup(s) methods to Group
2017-06-30 16:38:55 +01:00
Andrew Aitken-Fincham
ab60a167e6 add inGroup(s) methods to Group 2017-06-30 12:47:37 +01:00
Damian Mooyman
3633947699
BUG Fix broken installer assets and session crash 2017-06-30 14:50:58 +12:00
Damian Mooyman
ee05c586b6 Merge pull request #7083 from sminnee/get-one-miss-null
FIX: DataObject::get_one() misses return null, not false
2017-06-30 13:08:20 +12:00
Aaron Carlino
ad9d4e6820 Pulls/4.0/shortcode namespacing (#7085)
* New shortcode providers, update config, docs

* Use new ImageShortcodeProvider

* Move tests

* New shortcodes namespace

* Move file and image shortcode registrations from framework to assets
2017-06-29 18:45:17 +12:00
Christopher Joe
061393a098 Fix enable ?flush rather than just ?flush=1 2017-06-29 16:13:38 +12:00
Daniel Hensby
30986b4ea3
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-06-29 13:58:55 +12:00
Sam Minnee
2c8790ca7d FIX: DataObject::get_one() misses return null, not false
Fixes https://github.com/silverstripe/silverstripe-framework/issues/5441
2017-06-29 13:51:52 +12:00
Daniel Hensby
e7df10dc52
Merge branch '3' 2017-06-28 18:59:08 +01:00
Damian Mooyman
b2f3b218a3
BUG Fix incorrect $database autoinit
BUG Fix missing $request in Installer bootstrapping
2017-06-28 17:59:16 +12:00
Damian Mooyman
8078ee08f2
BUG Fix folder urls getting mtime querystring appended 2017-06-28 16:59:41 +12:00
Sam Minnee
741166e369 API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation

API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation
2017-06-28 16:59:28 +12:00
Saophalkun Ponlu
288de2eb14 BUG Add flag on form whether to notify user when there's unsaved changes 2017-06-28 11:14:12 +12:00
Will Rossiter
ecb5d85de0 Support empty SS_DATABASE_PREFIX 2017-06-28 08:18:21 +12:00
Damian Mooyman
f699650b5f Update based on feedback 2017-06-27 13:32:39 +12:00
Damian Mooyman
d20ab50f9d API Stronger Injector service unregistration
BUG Fix up test regressions
FIX director references to request object
API Move all middlewares to common namespace
API Implement RequestHandlerMiddlewareAdapter
ENHANCEMENT Improve IP address parsing
Fix up PHPDoc / psr2 linting
BUG Fix property parsing in TrustedProxyMiddleware
BUG Fix Director::is_https()
2017-06-27 13:32:39 +12:00
Damian Mooyman
7aa67f856b Move files to middleware folder 2017-06-27 13:32:39 +12:00
Sam Minnee
67887febc5 fix - session now uses request 2017-06-27 13:32:39 +12:00
Sam Minnee
69fe166897 API: Director::handleRequest() is no longer static - use a Director service
NEW: Add HTMLMiddlewareAware trait to HTTPApplication, Director, and RequestHandler
NEW: Allow service specs to be passed to Director rules.

This refactor of the controller middlewares takes a service definition
approach rather than a static-method-and-config approach that Director
historically had.

The use of a trait for middleware means that the Middlewares array
property can be defined on RequestHandler, Director, and HTTPApplication
objects in the same way.
2017-06-27 13:32:39 +12:00
Sam Minnee
e92c63c545 API: Remove $sid argument of Session::start()
NEW: Pass HTTPRequest to session
NEW: Pass HTTPReuqest optionally to Director statics

The session handler now expects to operate on a specific
HTTPRequest object.
2017-06-27 13:32:39 +12:00
Sam Minnee
ccc86306b6 NEW: Add TrustedProxyMiddleware
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported

This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Sam Minnee
c4d038f20d NEW: Add HTTPRequest::getScheme()/setScheme()
NEW: Add HTTPRequest::setIP()
API: Rely on HTTPRequestBuilder to set scheme and IP

These changes tidy up HTTPRequest making it a container for information
and removing special logic from it.

This makes it less feature-rich: it doesn’t contain trusted-proxy logic.
This will be able to provided by a middleware.

The new getScheme() method is designed to be closish to PSR-7’s
getUri()->getScheme() equivalent.

There are no more direct $_SERVER references in HTTPRequest.
2017-06-27 13:32:39 +12:00
Sam Minnee
4d89daac78 NEW: Register Injector::inst()->get(HTTPRequest)
HTTPRequest is provided as a service so that global references for
session, hostname, etc can be facilitated. It’s a bit of a hack and
should be avoided but we’re unlikely to scrub it completely from the
Silverstripe 4 code.
2017-06-27 13:32:39 +12:00
Sam Minnee
10866c0809 API: Replace Director::direct() with Director::handleRequest().
There was no longer any code in direct() and so I opted to expose the
handleRequest() method instead.
2017-06-27 13:32:39 +12:00
Sam Minnee
72a7655e95 NEW: Moved allowed-hosts checking to a middleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
db080c0603 NEW: Move session activation to SessionMiddleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
254204a3a6 NEW: Replace AuthenticationRequestFilter with AuthenticationMiddleware 2017-06-27 13:32:39 +12:00
Sam Minnee
e855622890 NEW: Replace FlushRequestFilter with FlushMiddleware 2017-06-27 13:32:39 +12:00
Sam Minnee
b30f410ea0 API: Deprecate RequestFilter.
NEW: Allow application of HTTPMiddleware to Director.

Director can now use the same HTTPMiddleware objects as the app object.
They can be applied either globally or pre-rule.
2017-06-27 13:32:39 +12:00
Sam Minnee
26b9bf11ed NEW: Allow “%$” prefix in Injector::get()
Injector::get() looks up services by name. In yaml config it can make
things clearer to prefix service names by %$, which is how they must
be prefixed when referencing nested services within service definitions.

This change means that any other system referencing services will
support an optional prefix without needing to specifically code support
in themselves.
2017-06-27 13:32:39 +12:00
Damian Mooyman
17c8e913bc Merge pull request #7053 from creative-commoners/pulls/4.0/restore-extension-constructor
NEW restored Extension::__construct()
2017-06-26 21:39:55 +12:00
Franco Springveldt
d3d426bdfc NEW restored Extension::__construct() 2017-06-26 17:34:43 +12:00
Sam Minnee
3c35d25a64 FIX: Allow DB::setConfig() in _config.php
This wasn’t working because the database was being validated before
_config.php was loaed.

This is how the installer sets config so this is an important fix.
2017-06-26 14:04:20 +12:00
Ingo Schommer
fa568e333e Fixed linting errors 2017-06-23 11:19:16 +12:00
Will Rossiter
ad54e7eb30 Fix ImportButton not opening the modal 2017-06-23 10:10:01 +12:00
Damian Mooyman
3873e4ba00 API Refactor bootstrap, request handling
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681

Squashed commit of the following:

commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date:   Thu Jun 22 22:25:50 2017 +1200

    Fixed upgrade guide spelling

commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 16:38:34 2017 +1200

    BUG Fix non-test class manifest including sapphiretest / functionaltest

commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:50:47 2017 +1200

    BUG Fix nesting bug in Kernel

commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:14:51 2017 +1200

    BUG fix db bootstrapping issues

commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 14:49:07 2017 +1200

    BUG Fix issue in DetailedErrorFormatter

commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:49:19 2017 +1200

    Upgrading notes on mysite/_config.php

commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:43:28 2017 +1200

    Update developer documentation

commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 10:48:44 2017 +1200

    Update installer to not use global databaseConfig

commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 21:04:39 2017 +1200

    Fix behat issues

commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 17:07:11 2017 +1200

    Move HTTPApplication to SilverStripe\Control namespace

commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 16:29:03 2017 +1200

    More documentation
    Fix up remaining tests
    Refactor temp DB into TempDatabase class so it’s available outside of unit tests.

commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 12:13:15 2017 +1200

    API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
    BUG Fix issue with SSViewer
    Fix Security / View tests

commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:39:43 2017 +1200

    API Refactor AppKernel into CoreKernel

commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:00:40 2017 +1200

    Docs and minor cleanup

commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 15:34:34 2017 +1200

    API Remove OutputMiddleware
    API Move environment / global / ini management into Environment class
    API Move getTempFolder into TempFolder class
    API Implement HTTPRequestBuilder / CLIRequestBuilder
    BUG Restore SS_ALLOWED_HOSTS check in original location
    API CoreKernel now requires $basePath to be passed in
    API Refactor installer.php to use application to bootstrap
    API move memstring conversion globals to Convert
    BUG Fix error in CoreKernel nesting not un-nesting itself properly.

commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 18:07:53 2017 +1200

    API Create HTTPMiddleware and standardise middleware for request handling

commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:42:42 2017 +1200

    Fixed ORM tests

commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:15:07 2017 +1200

    FIx i18n tests

commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 16:59:34 2017 +1200

    Fix controller namespace
    Move states to sub namespace

commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 12:49:45 2017 +1200

    Fix forms namespace

commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:56:48 2017 +1200

    Update API usages

commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:41:44 2017 +1200

    API Refactor $flush into HTPPApplication
    API Enforce health check in Controller::pushCurrent()
    API Better global backup / restore
    Updated Director::test() to use new API

commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 22:05:57 2017 +1200

    Move app nesting to a test state helper

commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 21:46:04 2017 +1200

    Restore kernel stack to fix multi-level nesting

commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 17:23:21 2017 +1200

    API Implement kernel nesting

commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:43:13 2017 +1200

    Fix core tests

commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:23:52 2017 +1200

    Fix manifest tests

commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:00:00 2017 +1200

    API Move extension management into test state

commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 14:10:59 2017 +1200

    API Refactor SapphireTest state management into SapphireTestState
    API Remove Injector::unregisterAllObjects()
    API Remove FakeController

commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 18:04:34 2017 +1200

    Implement basic CLI application object

commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 17:39:38 2017 +1200

    Remove references to SapphireTest::is_running_test()
    Upgrade various code

commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 7 18:07:33 2017 +1200

    API Implement APP object
    API Refactor of Session
2017-06-22 22:50:45 +12:00
Loz Calver
5d27dccd60 NEW: Add CSRF token to logout action 2017-06-21 15:42:13 +01:00
Damian Mooyman
306d801258 Merge pull request #6984 from dhensby/pulls/4/default-pdo
NEW DB Driver defaults to PDO
2017-06-18 21:27:32 +12:00
Chris Joe
8c91d48d3a Merge pull request #7033 from open-sausages/pulls/4.0/remove-parse-indexspec
FIX Remove reference to removed method parseIndexSpec
2017-06-16 16:40:51 +12:00
Chris Joe
102eaed36c Merge pull request #6722 from open-sausages/pulls/4.0/requirements-html-cleanup
Better HTML generation behaviour for Requirements_Backend
2017-06-16 13:52:06 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
2017-06-16 12:22:05 +12:00
Damian Mooyman
54879402ce
BUG Removed reserved / removed / invalid country codes
Fixes #6996
2017-06-16 11:38:00 +12:00
Damian Mooyman
957d238caa
FIX Remove reference to removed method parseIndexSpec
Fixes #6968
2017-06-16 11:20:52 +12:00
Damian Mooyman
0f90c5b63f ENHANCEMENT Update style of CMSLogin form 2017-06-15 18:13:14 +12:00
Damian Mooyman
024371c37e
API Change authentication ValidationResult handling to pass by-reference 2017-06-15 17:25:23 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services
API Improve validation of authentication process
2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code. 2017-06-15 14:20:29 +12:00
Chris Joe
950b1dfec2 Merge pull request #7010 from flamerohr/pulls/4.0/no-path-to-follow
Enhancement show the path which threw the error
2017-06-12 10:36:46 +12:00
Damian Mooyman
0dcfa5fa9d FIX CMSSecurity doesn't have Authenticators assigned. 2017-06-12 10:10:34 +12:00
Christopher Joe
7178caf4a9 Enhancement show the path which threw the error 2017-06-12 10:08:12 +12:00
Simon Erkelens
3fe837dad7 Fix for CMS Authenticator. Should only apply to CMSSecurity 2017-06-10 14:47:53 +12:00
Simon Erkelens
5c4e55b60d It's not CascadeLogInTo anymore, it's CascadeInTo
I'm mildly surprised this didn't break. I changed it to CascadeInTo, as the logout action needs to cascade into the session as well.
2017-06-10 12:58:22 +12:00
Damian Mooyman
d89bd15330
Move authentication hooks to SapphireTest 2017-06-09 16:25:40 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
Simon Erkelens
5fce3308b4 Move LostPasswordHandler in to it's own class.
- Moved the Authenticators from statics to normal
- Moved MemberLoginForm methods to the getFormFields as they make more sense there
- Did some spring-cleaning on the LostPasswordHandler
- Removed the BuildResponse from ChangePasswordHandler after spring cleaning
2017-06-08 20:09:57 +12:00
Simon Erkelens
082db89550 Feedback from Damian.
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Sam Minnee
f9ea752bae NEW: Add AuthenticationHandler interface
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2 CMS Login Handling
Move to canLogin in the authentication check. Protected isLockedOut

Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.

logOut could be managed from the Authenticator instead of the member
2017-06-07 21:11:54 +12:00
Sam Minnee
7af7e6719e API: Security.authenticators is now a map, not an array
Authenticators is now a map of keys -> service names. The key is used
in things such as URL segments. The “default_authenticator” value has
been replaced with the key “default” in this map, although in time a
default authenticator may not be needed.
IX: Refactor login() to avoid code duplication on single/multiple handlers
IX: Refactor LoginHandler to be more amenable to extension
IX: Fixed permissionFailure hack
his LoginHandler is expected to be the starting point for other
custom authenticators so it should be easier to repurpose components
`of it.
IX: Fix database-is-ready checks in tests.
IX: Fixed MemberAuthenticatorTest to match the new API
IX: Update security URLs in MemberTest
2017-06-07 21:11:53 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00
Daniel Hensby
856aa79892 Merge pull request #6987 from open-sausages/pull/4.0/3239-consisten-fist-last-returns
Consistent return values for first and last methods
2017-06-06 16:59:04 +01:00
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Saophalkun Ponlu
e267d29b9a BUG Consistent return values for first and last methods 2017-06-06 17:22:55 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Daniel Hensby
9a0e01d4a0
NEW DB Driver defaults to PDO 2017-06-01 11:00:35 +01:00
Daniel Hensby
11de4abe0a Merge pull request #6977 from andrewandante/FIX/move_dotenv_higher
move TRUSTED_PROXY below .env loader
2017-05-30 12:41:09 +01:00
Andrew Aitken-Fincham
8f44b8f0ba move trusted_proxy_ips below .env loader 2017-05-30 12:18:47 +01:00
Damian Mooyman
b27ef810d4 Merge pull request #6974 from colintucker/fix-csv-bulk-loader
Fixes a bug with split file names during CSV import
2017-05-30 16:18:06 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Nick
acb74a8577 Fix $class variable from being clobbered
The $class variable gets overwritten in the function.

This causes error messages to be less helpful. For example if you setup a has_many but forget the has_one on the other side the error will look something like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'SilverStripe\View\ViewableData' to 'SomeObject' requires a has_one on 'SomeObject'`

fixing this gives a more useful error, like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'Page' to 'SomeObject' requires a has_one on 'SomeObject'`
2017-05-29 20:31:09 +12:00
Colin Tucker
db59e51c4a Fixes a bug with split file names during CSV import 2017-05-29 16:08:23 +10:00
Damian Mooyman
963d9197d3
API Ensure that all DataQuery joins are aliased based on relationship name 2017-05-26 13:38:58 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples 2017-05-25 23:29:12 +01:00
Daniel Hensby
3e556b5966
NEW Move index generation to DataObjectSchema and solidify index spec 2017-05-25 23:29:12 +01:00
Damian Mooyman
0cd40ca6e5
BUG Fix minor accessors of legacy ->class property 2017-05-25 11:55:12 +12:00
Damian Mooyman
29f450b1e1 Revert injector type hint to Injector 2017-05-25 11:06:48 +12:00
Damian Mooyman
906a4c444b
API Add streamable response object 2017-05-23 16:32:29 +12:00