Commit Graph

102 Commits

Author SHA1 Message Date
Aaron Carlino
6bf9542d66 [SS-2018-021] Patch SQL Injection vulnerability when arrays are assigned to DataObject Fields 2019-02-12 21:36:50 +13:00
Robbie Averill
4182d1b60c Merge branch '3.6' into 3.7 2019-01-29 13:59:56 +02:00
Loz Calver
746c0679ad FIX: Injector may instantiate prototypes as if they're singletons (fixes #8567) 2019-01-23 11:47:28 +00:00
Sam Minnee
c5201dc01a FIX: Allow DataObjectTest to be run by itself 2018-10-03 13:19:29 +13:00
Damian Mooyman
4a0e5b6367
BUG Fix crash on fixed_fields in default_sort 2018-06-07 14:54:04 +12:00
Jonathon Menz
c767e472dc FIX DataObject singleton creation
Ensure DataObject instances are aware they are singletons so functions like populateDefaults() can be skipped. (fixes #4878)
2018-02-12 20:30:35 -08:00
Daniel Hensby
1ae07ac2a3
TEST Prove LastEdited is updated when no changes are made 2017-08-16 22:26:47 +01:00
Daniel Hensby
24a768ae14
Merge branch '3.4' into 3.5 2017-05-26 14:57:15 +01:00
Daniel Hensby
85f0650796
Remove unnecessary nesting of config/injector in tests 2017-05-24 16:05:39 +01:00
Daniel Hensby
9a6121c867
Merge branch '3.4' into 3 2016-10-16 22:56:37 +01:00
Jonathon Menz
797be6ac82 FIX Revert natural sort
More backwards compatible and more consistent with ORM sorting (fixes #6124)
2016-10-04 13:56:12 -07:00
Stephan van Diepen
95b66d19b2
Added MySQL support for Bigint.
Conflicts:
	model/MySQLDatabase.php
2016-09-30 16:38:25 +01:00
Damian Mooyman
6035be7e57 Merge pull request #5548 from kinglozzer/4661-extrafields-casting
FIX: castingHelper failed to find many_many_extraFields data (fixes #4661)
2016-05-19 14:10:37 +12:00
Damian Mooyman
8ed25ae482 BUG Fix DataObject::isChanged() detecting non saveable changes (#5545) 2016-05-18 09:00:04 +10:00
Loz Calver
7a81372294 FIX: castingHelper failed to find many_many_extraFields data (fixes #4661) 2016-05-17 16:04:28 +01:00
Daniel Hensby
e8962b95d0
Merge branch '3.1' into 3.2 2016-05-12 16:05:54 +01:00
Loz Calver
5b275376d3
Many many bug 2016-05-12 12:38:04 +01:00
Daniel Hensby
dad3784621 Fixing issue where words ending ay/ey/iy/oy/uy are not pluralised correctly 2015-11-06 16:23:45 +00:00
Damian Mooyman
c4710b2272 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	admin/code/GroupImportForm.php
	admin/code/MemberImportForm.php
	tests/model/DataListTest.php
2015-09-15 13:18:47 +12:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
7ee444e08a Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	admin/code/LeftAndMain.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	filesystem/File.php
	model/DataObject.php
	model/DataQuery.php
	search/filters/FulltextFilter.php
	search/filters/SearchFilter.php
	tests/core/ClassInfoTest.php
	tests/filesystem/FileTest.php
	tests/model/DataListTest.php
2015-07-31 11:38:18 +12:00
Russell
51722e3d12 DataObject accept arrays or stdClass
The constructor of DataObject can take an array or stdClass for $record.
However, it is access as an array [here](https://github.com/silverstripe/silverstripe-framework/blob/3.1/model/DataObject.php#L416) and [here](https://github.com/silverstripe/silverstripe-framework/blob/3.1/model/DataObject.php#L431)

This pull request ensures $record is an array after validation
2015-07-27 10:29:34 +01:00
Ingo Schommer
b95fdc7ba0 Merge pull request #4286 from tractorcow/pulls/3.2/fix-public-validate
API Revert DataObject::validate to 3.1 method signature (protected)
2015-06-17 15:36:03 +12:00
Damian Mooyman
0abacaead6 Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	admin/code/LeftAndMain.php
	forms/EmailField.php
	forms/Form.php
	forms/HeaderField.php
	forms/LiteralField.php
	forms/PasswordField.php
	forms/TextareaField.php
	forms/TreeDropdownField.php
	model/DataObject.php
	tests/forms/uploadfield/UploadFieldTest.php
	tests/model/DataObjectTest.php
2015-06-17 11:24:25 +12:00
Daniel Hensby
6169bf2760 FIX No longer caching has_one after ID change 2015-06-16 17:38:34 +01:00
Damian Mooyman
58cc3da8d8 API Revert DataObject::validate to 3.1 method signature (protected) 2015-06-16 11:59:21 +12:00
Loz Calver
835ee69339 NEW: Only validate DataObject model definitions during a build 2015-03-13 16:16:16 +00:00
Loz Calver
c58f4c469d Replace core uses of DataObject::has_one/has_many/many_many 2015-03-13 16:16:12 +00:00
Loz Calver
7e2a00aa3d Refactor DataObject has_one/has_many/many_many methods 2015-03-13 15:15:23 +00:00
Loz Calver
203f77116b Fixes, tests and documentation for multiple many_manys between the same class 2015-03-13 09:27:23 +00:00
Damian Mooyman
319b96b48b Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
	docs/en/05_Contributing/01_Code.md
	forms/TreeDropdownField.php
	model/DataObject.php
	security/Member.php
	tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00
Will Rossiter
548f297563 Merge pull request #3890 from dhensby/pulls/testonly
Cleaning up Test DataObjects to ensure TestOnly is implemented
2015-02-28 18:06:53 +13:00
Loz Calver
3a7e24a220 FIX: Unable to access a list of all many_many_extraFields 2015-02-25 10:33:50 +00:00
Damian Mooyman
dff65867cc Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	control/HTTP.php
	control/HTTPResponse.php
	docs/en/05_Contributing/01_Code.md
	forms/CompositeField.php
	forms/FormAction.php
	forms/FormField.php
	forms/InlineFormAction.php
	forms/NumericField.php
	forms/TreeDropdownField.php
	forms/TreeMultiselectField.php
	templates/forms/TreeDropdownField.ss
	tests/core/CoreTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Daniel Hensby
0ca0bb55b0 Cleaning up Test DataObjects to ensure TestOnly is implemented 2015-02-12 15:22:29 +00:00
Loz Calver
77ebdc22fa FIX: DataObject::db returned fields in incorrect order, with incorrect data types
fixes #3802
2015-01-19 20:38:08 +00:00
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Loz Calver
85b4ba15fc FIX: DataObject::db() doesn't respect overloaded db types (fixes #3620) 2014-11-11 10:41:54 +00:00
Sean Harvey
61c6dee057 BUG Fixing plural_name messing up singular words ending in "e" (#3251)
This would ideally be fixed with the ability to use an external library
like gettext, but that's an API change. This for now fixes the issue
where a singular like "Page" returns "Pags" for the plural name.
2014-08-20 14:55:40 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Sean Harvey
5f1552b365 BUG Custom label set in summary_fields config gets overridden 2014-08-14 14:19:41 +12:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
cf5d524235 BUG Fix regressions from #2206 in hasValue and dbObject
Fixes #2982
2014-03-30 18:05:46 +13:00
Damian Mooyman
7c60c73dbb API Polymorphic has_one behaviour 2014-03-18 09:18:04 +13:00
Ingo Schommer
d8361f9d3f Merge remote-tracking branch 'origin/3.1' 2014-02-18 22:06:59 +13:00
Loz Calver
a91a4bbdc2 FIX: Searchable fields with dot notation can be inherited from summary_fields (fixes #1429) 2014-02-14 21:52:47 +00:00
Sean Harvey
6fc9db6f0e API DataObject::validate() visibility changed to public (issue #1659)
DataObject::validate() is currently set to protected, but this means
you can't call validate() from outside the context of itself unless
you overload the method to use a public visibility and then call
parent::validate()

As it would turn out, most classes that overload this method already
set the visibility to public, so it would make sense the parent matches
that as well.
2013-12-19 16:36:39 +13:00
Damian Mooyman
c74f7e7640 BUG Fixes issue where items could be deleted from a has_many relation by an entirely unrelated HasManyList calling delete on that item. 2013-11-01 11:39:13 +13:00
Hamish Friedlander
ca63e33c19 FIX Recent patch to DataObject#db changed API which broke core 2013-07-05 10:11:35 +12:00
Jeremy Thomerson
50e9eee2e9 FIX #2174: SearchFilter needs casting helper for DataObject base fields
Commit 964b3f2 fixed an issue where dbObject was returning casting helpers for
fields that were not actually DB objects, but had something in $casting config.

However, because dbObject was no longer calling DataObject->castingHelper, this
exposed a bug that the underlying function db($fieldName) was not returning
field specs for the base fields that are created by SS automatically on all
DataObjects (i.e. Created, LastEdited, etc).

This commit fixes the underlying issue that DataObject->db($fieldName) should
return the field specs for *all* DB fields like its documentation says it will,
including those base fields that are automatically created and do not appear in
$db.
2013-07-03 03:03:40 +00:00