Commit Graph

340 Commits

Author SHA1 Message Date
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Ingo Schommer
dc650e3cf1 Clarify use of HTTP Pragma response header
The HTTP Pragma header is obsolete for HTTP 1.1,
and technically only defined for a HTTP request (not response).
Refer to https://www.mnot.net/cache_docs/#PRAGMA
,http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32.
It is superseded by the "Cache-Control" directive.

See HTTP 1.1 spec at https://tools.ietf.org/html/rfc7234#section-5.4:
'Because the meaning of "Pragma: no-cache" in responses is
not specified, it does not provide a reliable replacement for
"Cache-Control: no-cache" in them.'

Sending a "Pragma: nocache" response header is a prudent
backwards compatibility measure for HTTP 1.0 clients.
The intended behaviour is for the majority clients as well as any
intermediary proxies to ignore this header.

Sending an empty Pragma is a known hack
for preventing PHP from adding "Pragma: nocache" to responses
with started sessions (see http://php.net/session_cache_limiter),
since PHP does not allow unsetting existing header() calls.
2015-09-01 11:45:30 +12:00
Damian Mooyman
4a011303b9 Add missing packages 2015-08-24 16:15:38 +12:00
Damian Mooyman
1686c83826 Revert #3425 #3396 to restore deprecated functionality
Fixes #4514
2015-08-24 11:26:25 +12:00
Damian Mooyman
7ee444e08a Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	admin/code/LeftAndMain.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	filesystem/File.php
	model/DataObject.php
	model/DataQuery.php
	search/filters/FulltextFilter.php
	search/filters/SearchFilter.php
	tests/core/ClassInfoTest.php
	tests/filesystem/FileTest.php
	tests/model/DataListTest.php
2015-07-31 11:38:18 +12:00
Daniel Hensby
ffbeac6b7d Ensuring classinfo is case insensitive 2015-07-28 11:17:50 +01:00
Loz Calver
778161931b Merge pull request #4325 from dhensby/pulls/http-fix
Fixing issues with HTTP cache control
2015-07-23 14:12:41 +01:00
Daniel Hensby
ca8d0f2818 Merge branch '3.1' into 3.2
Conflicts:
	dev/Debug.php
	docs/en/05_Contributing/01_Code.md
	forms/FormField.php
	i18n/i18nTextCollector.php
	model/DataQuery.php
2015-07-20 10:48:01 +01:00
Daniel Hensby
33d93c2a31 Fixing issues with HTTP cache control 2015-06-29 22:16:02 +01:00
Damian Mooyman
e14f743bf0 Set deprecation level for all changes in 3.x to 4.0 2015-06-19 13:07:41 +12:00
Damian Mooyman
78a3f703f2 Merge pull request #4178 from dhensby/pulls/cookie-name-normalisation
NEW Cookie names with dots are now handled more gracefully
2015-06-15 11:35:39 +12:00
Daniel Hensby
eaec2ad9a8 Safe unnesting of Config and Injector 2015-06-15 00:23:40 +01:00
Jeremy Shipman
e766658ee3 API: Allow HTTP Cache Headers to be customized 2015-06-13 12:16:56 +12:00
Damian Mooyman
8331171f2c Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	.scrutinizer.yml
	admin/javascript/LeftAndMain.Panel.js
	core/startup/ParameterConfirmationToken.php
	dev/Debug.php
	dev/FixtureBlueprint.php
	docs/en/00_Getting_Started/05_Coding_Conventions.md
	docs/en/00_Getting_Started/index.md
	docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
	filesystem/File.php
	filesystem/Folder.php
	forms/FieldList.php
	forms/LabelField.php
	forms/MoneyField.php
	forms/TextField.php
	forms/TreeDropdownField.php
	forms/Validator.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldExportButton.php
	lang/de.yml
	lang/fi.yml
	model/DataObject.php
	model/SQLQuery.php
	parsers/ShortcodeParser.php
	security/ChangePasswordForm.php
	security/Security.php
	tests/control/DirectorTest.php
	tests/core/startup/ParameterConfirmationTokenTest.php
	tests/dev/FixtureBlueprintTest.php
	tests/forms/FieldListTest.php
	tests/forms/MoneyFieldTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
0a8f328947 Fix merge / test regressions 2015-05-28 16:59:05 +12:00
Damian Mooyman
75137dbab2 Ensure only trusted proxy servers have control over certain HTTP headers 2015-05-28 10:12:46 +12:00
Damian Mooyman
22a35e48a9 BUG Fix malformed urls redirecting to external sites 2015-05-28 10:12:18 +12:00
Daniel Hensby
ce5a8f2b41 NEW Cookie names with dots are now handled more gracefully 2015-05-12 10:49:58 +01:00
Stevie Mayhew
0d94cf15a5 UPDATE: change all instances of $this->request to use appropriate getter/setter 2015-04-30 11:04:08 +12:00
Daniel Hensby
060c550d75 Merge pull request #4039 from jacobbuck/httpresponse-isfinished-status
Add more 3xx status codes to SS_HTTPResponse::isFinished() method
2015-03-31 21:21:00 +01:00
Damian Mooyman
43f49e8434 Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	admin/code/ModelAdmin.php
	control/Director.php
	model/SQLQuery.php
	security/Member.php
	tests/control/HTTPTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
	tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Sean Harvey
a7d3f89136 BUG Check for existence of HTTP_USER_AGENT to avoid E_NOTICE error.
In some cases, a request may not have an HTTP_USER_AGENT. This should
check the variable exists before attempting to check it. The specific
case where it failed for me was Active Directory Federation Services
sending a web request to a SilverStripe site, but failing because it
doesn't have an agent string.
2015-03-26 12:17:22 +13:00
Jacob Buck
03ec9e80f0 Add more 3xx status codes to SS_HTTPResponse::isFinished method 2015-03-26 11:48:24 +13:00
Damian Mooyman
ee9bddb808 BUG Fix SS-2015-010 2015-03-20 17:30:37 +13:00
Daniel Hensby
f568052044 Testing empty absolute urls and more thorough tests 2015-03-13 13:56:14 +00:00
Damian Mooyman
dff65867cc Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	control/HTTP.php
	control/HTTPResponse.php
	docs/en/05_Contributing/01_Code.md
	forms/CompositeField.php
	forms/FormAction.php
	forms/FormField.php
	forms/InlineFormAction.php
	forms/NumericField.php
	forms/TreeDropdownField.php
	forms/TreeMultiselectField.php
	templates/forms/TreeDropdownField.ss
	tests/core/CoreTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Fred Condo
5047143e7b Correct return statements in SS_HTTPResponse
- setBody failed to return a value; it now returns $this as related methods do
- getHeader had an extra, unreachable return statement; removed
2015-02-18 10:32:33 -08:00
jaredkipe
de09bffd84 Update Controller to allow extension in handleAction()
Controller's parent class (RequestHandler) has two extensions in its handleAction() method that are obscured by Controller's implementation.
2015-02-08 19:43:44 +13:00
Damian Mooyman
70e0d60f93 BUG Fix developer output in redirection script 2015-02-05 11:32:31 +13:00
John Milmine
06b142a1e5 adding config variable to cancel ajax caching 2015-01-29 14:19:08 +13:00
Pedro Rodrigues
77f2c81e3d Minor typo on HTTPRequest.php 2015-01-24 21:07:40 +01:00
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Simon Welsh
73b591a79d Correct regression around ?flush
?flush used to work. There's no reason why it shouldn't.
2014-10-30 20:51:05 +11:00
Gabriele Brosulo
2cf11abecb Session keys are case sensitive 2014-10-24 09:59:28 +02:00
Damian Mooyman
1e612607aa Suggested improvements / test case fixes 2014-10-10 09:28:11 +13:00
Daniel Hensby
3b9056fc01 NEW Cookie_Backend for managing cookie state
I've decoupled `Cookie` from the actual act of setting and getting
cookies. Currently there are a few limitations to how Cookie works that
this change mitigates:

0. `Cookie` currently changes the super global `$_COOKIE` when setting
to make the state of an application a bit more managable, but this is
bad because we shouldn't be modifying super globals
0. One can't actually change the `$cookie_class` once the
`Cookie::$inst` has been instantiated
0. One can't test cookies as there is no class that holds the state of
the cookies (it's just held in the super global which is reset as part
of `Director::test()`
0. One can't tell the origin of a cookie (eg: did the application set it
and it needs to be sent, or did we receive it from the browser?)
0. `time()` was used, so testing was made difficult
0. There was no way to get all the cookies at once (without accessing
the super global)

Todos are on the phpdoc and I'd like to write some tests for the backend
as well as update the docs (if there are any) around cookies.
DOCS Adding `Cookie` docs

Explains basic usage of `Cookie` as well as how the `Cookie_Backend`
controls the setting and getting of cookies and manages state of sent vs
received cookies
Fixing `Cookie` usage

`Cookie` is being used inconsistently with the API throughout framework.
Either by not using `force_expiry` to expire cookies or setting them to
null and then expiring them (which is redundant).
NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param
2014-10-06 17:44:51 +13:00
Sean Harvey
563155391f API Cookies set via Cookie::set() are now HTTP only by default 2014-09-24 17:48:13 +12:00
Sean Harvey
07eef2ece2 Removing deprecated class/functions marked for deprecation in 3.0/3.1 2014-08-25 12:06:05 +12:00
Damian Mooyman
96d0874953 BUG Fix issue with inheritance of Injector service configuration 2014-08-25 10:23:01 +12:00
Stig Lindqvist
c8c1833e09 Merge pull request #3418 from halkyon/remove_supression
Remove @ suppression operator on session_start()
2014-08-22 17:08:10 +12:00
Sean Harvey
8063b349c8 BUG Fixing Director::test() failing on BASE_URL prefixed URLs
Example: you have a site in a sub-directory off the webroot, you call
->Link() on a SiteTree record, which returns "/[sitedir]/my-page", and
you pass this URL to Director::test(). It's a valid URL, but
Director::test() will throw a 404.

Director::test() should be ensuring that all URLs passed to it are
properly made relative, not just in the case where it thinks the URL
is absolute.
2014-08-22 15:21:53 +12:00
Sean Harvey
2b316e79e5 NEW Provide a consistent way of triggering flush
Provides an interface for classes to implement their own flush()
functionality. This function gets called early in a request on
all implementations of Flushable when flush=1|all is requested in the
URL.

This fix came out of an issue where Requirements combined files were not
being cleaned up after dev/build?flush=1, due to the fact that flush
would only occur when you called it while on a page that used those
combined files, but not in any other contexts. This will now call flush
on any implementors of Flushable regardless of the context of where
flush was called.
2014-08-22 09:24:27 +12:00
Sean Harvey
0b5599e21b Remove suppression operator on session_start()
This was originally added to stop PHP on Windows complaining that it
couldn't garbage collect old sessions, but that was for an old version
of PHP years ago and doesn't seem to be an issue any longer. We
really shouldn't be suppressing this. If session_start() threw a
warning that it couldn't write to the filesystem, then we wouldn't
know about it at all.
2014-08-21 17:38:49 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Mateusz Uzdowski
8bf3853887 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/misc/contributing/issues.md
	docs/en/reference/uploadfield.md
	forms/HtmlEditorField.php
	i18n/i18n.php
	javascript/HtmlEditorField.js
	model/DB.php
	model/Image.php
	model/SQLQuery.php
2014-08-14 09:08:26 +12:00
Daniel Hensby
4d7c6a206a Fixing header case 2014-08-13 17:28:36 +01:00
Marcus Nyeholt
b273f3b524 API Updated aspect proxy service
- Updated AspectProxyService to handle multiple handlers for each proxied
  object's methods.
- Changed BeforeCallAspect to allow for providing a return value that
  should be returned to the caller instead of the proxied return value
- Changed AfterCallAspect behaviour to allow for returning the value of
  the aspect to the caller instead of the proxied return value
2014-08-06 13:48:26 +10:00
Damian Mooyman
a89dbd29e1 Revert #3345 #3323 2014-07-31 17:05:57 +12:00
Daniel Hensby
419f308544 FIX Handle empty URLs that are made absolute
When the email sender makes the links absolute, it can't handle empty `href` or `src` attributes as there's no expectation that the string length could be 0
2014-07-25 13:09:47 +01:00
Damian Mooyman
0433ba1642 BUG Revert some changes to ManyManyList
BUG Fix incompatibility in Member_GroupList
Fix regressions in merges from 3.1
BUG Fix Security failing on test classes
BUG Fix postgresql compatibility
Clarify sql encoding of table names
2014-07-23 12:38:41 +12:00