Aaron Carlino
6bf9542d66
[SS-2018-021] Patch SQL Injection vulnerability when arrays are assigned to DataObject Fields
2019-02-12 21:36:50 +13:00
Robbie Averill
4182d1b60c
Merge branch '3.6' into 3.7
2019-01-29 13:59:56 +02:00
Loz Calver
746c0679ad
FIX: Injector may instantiate prototypes as if they're singletons ( fixes #8567 )
2019-01-23 11:47:28 +00:00
Sam Minnee
c5201dc01a
FIX: Allow DataObjectTest to be run by itself
2018-10-03 13:19:29 +13:00
Damian Mooyman
4a0e5b6367
BUG Fix crash on fixed_fields in default_sort
2018-06-07 14:54:04 +12:00
Jonathon Menz
c767e472dc
FIX DataObject singleton creation
...
Ensure DataObject instances are aware they are singletons so functions like populateDefaults() can be skipped. (fixes #4878 )
2018-02-12 20:30:35 -08:00
Daniel Hensby
1ae07ac2a3
TEST Prove LastEdited is updated when no changes are made
2017-08-16 22:26:47 +01:00
Daniel Hensby
24a768ae14
Merge branch '3.4' into 3.5
2017-05-26 14:57:15 +01:00
Daniel Hensby
85f0650796
Remove unnecessary nesting of config/injector in tests
2017-05-24 16:05:39 +01:00
Daniel Hensby
9a6121c867
Merge branch '3.4' into 3
2016-10-16 22:56:37 +01:00
Jonathon Menz
797be6ac82
FIX Revert natural sort
...
More backwards compatible and more consistent with ORM sorting (fixes #6124 )
2016-10-04 13:56:12 -07:00
Stephan van Diepen
95b66d19b2
Added MySQL support for Bigint.
...
Conflicts:
model/MySQLDatabase.php
2016-09-30 16:38:25 +01:00
Damian Mooyman
6035be7e57
Merge pull request #5548 from kinglozzer/4661-extrafields-casting
...
FIX: castingHelper failed to find many_many_extraFields data (fixes #4661 )
2016-05-19 14:10:37 +12:00
Damian Mooyman
8ed25ae482
BUG Fix DataObject::isChanged() detecting non saveable changes ( #5545 )
2016-05-18 09:00:04 +10:00
Loz Calver
7a81372294
FIX: castingHelper failed to find many_many_extraFields data ( fixes #4661 )
2016-05-17 16:04:28 +01:00
Daniel Hensby
e8962b95d0
Merge branch '3.1' into 3.2
2016-05-12 16:05:54 +01:00
Loz Calver
5b275376d3
Many many bug
2016-05-12 12:38:04 +01:00
Daniel Hensby
dad3784621
Fixing issue where words ending ay/ey/iy/oy/uy are not pluralised correctly
2015-11-06 16:23:45 +00:00
Damian Mooyman
c4710b2272
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
admin/code/GroupImportForm.php
admin/code/MemberImportForm.php
tests/model/DataListTest.php
2015-09-15 13:18:47 +12:00
Damian Mooyman
7367cf54c4
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 13:01:24 +12:00
Damian Mooyman
7ee444e08a
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
admin/code/LeftAndMain.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
filesystem/File.php
model/DataObject.php
model/DataQuery.php
search/filters/FulltextFilter.php
search/filters/SearchFilter.php
tests/core/ClassInfoTest.php
tests/filesystem/FileTest.php
tests/model/DataListTest.php
2015-07-31 11:38:18 +12:00
Russell
51722e3d12
DataObject accept arrays or stdClass
...
The constructor of DataObject can take an array or stdClass for $record.
However, it is access as an array [here](https://github.com/silverstripe/silverstripe-framework/blob/3.1/model/DataObject.php#L416 ) and [here](https://github.com/silverstripe/silverstripe-framework/blob/3.1/model/DataObject.php#L431 )
This pull request ensures $record is an array after validation
2015-07-27 10:29:34 +01:00
Ingo Schommer
b95fdc7ba0
Merge pull request #4286 from tractorcow/pulls/3.2/fix-public-validate
...
API Revert DataObject::validate to 3.1 method signature (protected)
2015-06-17 15:36:03 +12:00
Damian Mooyman
0abacaead6
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
admin/code/LeftAndMain.php
forms/EmailField.php
forms/Form.php
forms/HeaderField.php
forms/LiteralField.php
forms/PasswordField.php
forms/TextareaField.php
forms/TreeDropdownField.php
model/DataObject.php
tests/forms/uploadfield/UploadFieldTest.php
tests/model/DataObjectTest.php
2015-06-17 11:24:25 +12:00
Daniel Hensby
6169bf2760
FIX No longer caching has_one after ID change
2015-06-16 17:38:34 +01:00
Damian Mooyman
58cc3da8d8
API Revert DataObject::validate to 3.1 method signature (protected)
2015-06-16 11:59:21 +12:00
Loz Calver
835ee69339
NEW: Only validate DataObject model definitions during a build
2015-03-13 16:16:16 +00:00
Loz Calver
c58f4c469d
Replace core uses of DataObject::has_one/has_many/many_many
2015-03-13 16:16:12 +00:00
Loz Calver
7e2a00aa3d
Refactor DataObject has_one/has_many/many_many methods
2015-03-13 15:15:23 +00:00
Loz Calver
203f77116b
Fixes, tests and documentation for multiple many_manys between the same class
2015-03-13 09:27:23 +00:00
Damian Mooyman
319b96b48b
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
docs/en/05_Contributing/01_Code.md
forms/TreeDropdownField.php
model/DataObject.php
security/Member.php
tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00
Will Rossiter
548f297563
Merge pull request #3890 from dhensby/pulls/testonly
...
Cleaning up Test DataObjects to ensure TestOnly is implemented
2015-02-28 18:06:53 +13:00
Loz Calver
3a7e24a220
FIX: Unable to access a list of all many_many_extraFields
2015-02-25 10:33:50 +00:00
Damian Mooyman
dff65867cc
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
control/HTTP.php
control/HTTPResponse.php
docs/en/05_Contributing/01_Code.md
forms/CompositeField.php
forms/FormAction.php
forms/FormField.php
forms/InlineFormAction.php
forms/NumericField.php
forms/TreeDropdownField.php
forms/TreeMultiselectField.php
templates/forms/TreeDropdownField.ss
tests/core/CoreTest.php
tests/forms/NumericFieldTest.php
tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Daniel Hensby
0ca0bb55b0
Cleaning up Test DataObjects to ensure TestOnly is implemented
2015-02-12 15:22:29 +00:00
Loz Calver
77ebdc22fa
FIX: DataObject::db returned fields in incorrect order, with incorrect data types
...
fixes #3802
2015-01-19 20:38:08 +00:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Loz Calver
85b4ba15fc
FIX: DataObject::db() doesn't respect overloaded db types ( fixes #3620 )
2014-11-11 10:41:54 +00:00
Sean Harvey
61c6dee057
BUG Fixing plural_name messing up singular words ending in "e" ( #3251 )
...
This would ideally be fixed with the ability to use an external library
like gettext, but that's an API change. This for now fixes the issue
where a singular like "Page" returns "Pags" for the plural name.
2014-08-20 14:55:40 +12:00
Damian Mooyman
eb069e605d
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Sean Harvey
5f1552b365
BUG Custom label set in summary_fields config gets overridden
2014-08-14 14:19:41 +12:00
Damian Mooyman
d8e9af8af8
API New Database abstraction layer. Ticket #7429
...
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
cf5d524235
BUG Fix regressions from #2206 in hasValue and dbObject
...
Fixes #2982
2014-03-30 18:05:46 +13:00
Damian Mooyman
7c60c73dbb
API Polymorphic has_one behaviour
2014-03-18 09:18:04 +13:00
Ingo Schommer
d8361f9d3f
Merge remote-tracking branch 'origin/3.1'
2014-02-18 22:06:59 +13:00
Loz Calver
a91a4bbdc2
FIX: Searchable fields with dot notation can be inherited from summary_fields ( fixes #1429 )
2014-02-14 21:52:47 +00:00
Sean Harvey
6fc9db6f0e
API DataObject::validate() visibility changed to public (issue #1659 )
...
DataObject::validate() is currently set to protected, but this means
you can't call validate() from outside the context of itself unless
you overload the method to use a public visibility and then call
parent::validate()
As it would turn out, most classes that overload this method already
set the visibility to public, so it would make sense the parent matches
that as well.
2013-12-19 16:36:39 +13:00
Damian Mooyman
c74f7e7640
BUG Fixes issue where items could be deleted from a has_many relation by an entirely unrelated HasManyList calling delete on that item.
2013-11-01 11:39:13 +13:00
Hamish Friedlander
ca63e33c19
FIX Recent patch to DataObject#db changed API which broke core
2013-07-05 10:11:35 +12:00
Jeremy Thomerson
50e9eee2e9
FIX #2174 : SearchFilter needs casting helper for DataObject base fields
...
Commit 964b3f2 fixed an issue where dbObject was returning casting helpers for
fields that were not actually DB objects, but had something in $casting config.
However, because dbObject was no longer calling DataObject->castingHelper, this
exposed a bug that the underlying function db($fieldName) was not returning
field specs for the base fields that are created by SS automatically on all
DataObjects (i.e. Created, LastEdited, etc).
This commit fixes the underlying issue that DataObject->db($fieldName) should
return the field specs for *all* DB fields like its documentation says it will,
including those base fields that are automatically created and do not appear in
$db.
2013-07-03 03:03:40 +00:00