Ingo Schommer
e2267a0728
ENHANCEMENT Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring )
2011-02-07 19:57:36 +13:00
Sean Harvey
a96e5a7dd5
BUGFIX #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer (from r115440)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115919 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
e1742760c0
BUGFIX Checking for existence of FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
...
BUGFIX Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@115191 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
459a524388
BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114776 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
061d2ecc0e
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114763 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
5b0ecd913f
BUGFIX: Fixed CSRF warning in image form after selecting a folder. (from r80237)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114741 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
bed7d8cee6
BUGFIX Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation (from r114515) (from r114516)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114517 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
51e55681f4
BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specifically in IIS) (from r114510) (from r114512)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114513 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
a7c8de9bdf
BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504) (from r114507)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114509 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
0fb19f2884
BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens (from r114500)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114502 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Ingo Schommer
67af64f484
ENHANCEMENT Added RandomGenerator for more secure CSRF tokens etc. (from r114497) (from r114499)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114501 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:38 +13:00
Rainer Spittel
0e5d48fa6a
BUGFIX Removing quotes from test data in RestfulServiceTest, it gives different results depending on magic_quotes_gpc setting on PHP configuration (merged from r80132).
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114266 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
2d1d5363c8
API CHANGE Using Controller::join_links() to construct links in ComplexTableField and TableListField (partially merged from r88495, r96775)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113321 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
09d25b0d70
BUGFIX: Fixed Controller::join_links() handling of fragment identifiers (merged from r104580)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113319 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
452a8f8839
MINOR Using SecurityToken in ViewableData->getSecurityID() (from r113274)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113312 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
7aa32c089b
ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken() (from r113284)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113305 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
af92845ebb
MINOR Reverted commented out code (regression from r113293)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113303 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
75bd92de3c
BUGFIX Clear static marking caches on Hierarchy->flushCache() (from r113277)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113302 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
2627281d5c
BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113301 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
79bc6d5a21
MINOR Fixed HTTPRequest class usage (regression from r113293)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113298 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
b305ea0fc0
API CHANGE Added security token to TableListField->Link() in order to include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection (from r113275)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113297 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:37 +13:00
Ingo Schommer
2cc957a702
BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113294 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
9fff91dc08
ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113293 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
fd97e80224
BUGFIX Add PHPUnit includes to SapphireTest class (can be loaded outside of TestRunner for static calls, in which case the PHPUnit autoloaders/includes aren't in place yet) (merged from r113156)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113158 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
eec37c2694
BUGFIX Using mock controller in RestfulServiceTest to avoid problems with missing require() calls for PHPUnit/Framework.php (performed in recently merged PHPUnitWrapper::init() which is never called for "nested" true HTTP calls within unit tests). Mostly merged from branches/2.4.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@111837 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
9994a9c948
BUGFIX Renamed PHPUnit wrappers not to use underscores in classnames, as this confuses ManifestBuilder prior to the 2.4 release
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@111836 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
1176bab306
MINOR: added phpdoc to the new PHPUnitWrapper classes.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@111835 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
d3d9e4560b
ENHANCEMENT: refactored runTests, using the new phpunit wrapper classes.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@111834 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
a57a027c43
API-CHANGE: remove include which is not required.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@111833 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
534da4e076
ENHANCEMENT: Created a phpunit wrapper class to ensure that Sapphire's test framework is capable of running unit tests, coverage report and retrieve clover-statistics for PHPUnit 3.4 and PHPUnit 3.5
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@111832 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
a5dfb6257d
ENHANCEMENT: Change behaviour of the ManifestBuilder to use spl_autoload_register instead of traditional __autoload.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@111831 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
bdd30fa4fd
API CHANGE Don't reflect changes in File and Folder property setters on filesystem before write() is called, to ensure that validate() applies in all cases. This fixes a problem where File->setName() would circumvent restrictions in File::$allowed_extensions ( fixes #5693 )
...
API CHANGE Removed File->resetFilename(), use File->updateFilesystem() to update the filesystem, and File->getRelativePath() to just update the "Filename" property without any filesystem changes (emulating the old $renamePhysicalFile method argument in resetFilename())
API CHANGE Removed File->autosetFilename(), please set the "Filename" property via File->getRelativePath()
MINOR Added unit tests to FileTest and FolderTest (some of them copied from FileTest, to test Folder behaviour separately)
ENHANCEMENT Added File::$allowed_extensions (backport from 2.4 to enable File->validate() security fix)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@108062 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
c1295753b9
BUGFIX: Don't allow direct access to PHP files in sapphire module, except for main.php and static-main.php (from r108023)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@108043 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
dd696808b5
MINOR Added querystring option to Makefile (from r103884)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@103897 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:36 +13:00
Ingo Schommer
28e20364fd
ENHANCEMENT Allowing TestRunner to skip certain tests through the ?SkipTests=... GET parameter (merged from branches/2.3-nzct) (from r80646)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@103684 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
0b79e85cc8
MINOR: Fixed FileTest execution if the assets/ directory doesn't exist. (from r88353) (from r98086)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@103521 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Sean Harvey
8e5239ff57
MINOR Fixed missing closing <div> in ContentController->successfullyinstalled() (from r101254)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@101258 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
b83797de10
BUGFIX Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
...
BUGFIX Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing. (from r101227)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@101229 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
e3c6732551
BUGFIX Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users switching to another existing user account by using their email address (from r100704) (from r100717)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@100744 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
da691ecb0c
MINOR Readded sapphire/thirdparty modules without svn:externals
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@99765 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
add3165333
MINOR Fixed HTTPTest->testSetGetVar() (merged from r98409)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98410 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
5b8161012c
MINOR Fixed HTTPTest->testSetGetVar() (merged from r98407)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98408 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
8698e94ae0
MINOR Added test case for Hierarchy::getDescendantIDList() which also tests Hierarchy::loadDescendantIDListInto() (merged from r98369)
...
MINOR Testing of grand-children items in HierarchyTest::testLoadDescendantIDListIntoArray() and HierarchyTest::testNumChildren() (merged from r98376)
BUGFIX #5044 Hierarchy::loadDescendantIDListInto() now uses Object::getExtensionInstance('Hierarchy') instead of going through call(), as PHP 5.3 has issues converting references to values
BUGFIX Fixed Hierarchy->loadDescendantIdList() to call setOwner() on the extension instance. This was necessary due to underlying Object/Extension changes in 2.4. (merged from r98403)
MINOR Fixed HierarchyTest assertions around including grand children counts (merged from r98403)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98405 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
58dc696497
MINOR Fixed HTTPTest when invoked through dev/tests/all or with GET parameters (see r98373) (merged from r98383)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98384 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
b3931cc707
API CHANGE HTTP::setGetVar() always returns absolute URLs. Use Director::makeRelative() to make them relative again. (merged from r98373)
...
API CHANGE HTTP::setGetVar() combines any GET parameters in PHP array notation (e.g. "foo[bar]=val") instead of replacing the whole array (merged from r98373)
BUGFIX HTTP::setGetVar() uses parse_url() and http_build_query() to add query parameters to an existing URL, instead of doing its own regex-based parsing. This means existing GET parameters are correctly url encoded. (merged from r98373)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98375 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Andrew O'Neil
8906391495
BUGFIX: Don't force SSL when running from CLI
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98273 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:35 +13:00
Ingo Schommer
747b0996fe
BUGFIX Disabled ?debug_profile=1 on live environment types (merged from r80057)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98230 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:34 +13:00
Ingo Schommer
0c684b8061
BUGFIX Limiting ?debug_memory parameter to development environments through using Debug::message() instead of a straight echo() (merged from r74067)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98229 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:34 +13:00
Sam Minnee
909de1f454
ENHANCEMENT: Removed dev/reset, instead encouraging the use of dev/tests/startsession for tests.
...
ENHANCEMENT: Let people use dev/tests/startsession without a fixture, instead calling requireDefaultRecords
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@98081 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:34 +13:00
Will Rossiter
cd64c943f7
MINOR: fixed notice level error when ImageSource isn't set
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@97004 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:27:34 +13:00