Maxime Rainville
98926e4e6c
[CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod().
2020-07-14 13:25:55 +12:00
Ben Speakman
705d342080
Update regex to only match files with names
2017-05-08 17:22:50 +12:00
Anton Smith
ae4108bf00
BUG Content-Disposition header breaks in Firefox (#4087)
2016-09-29 13:25:14 +13:00
Daniel Hensby
a0812f987a
Merge 3.1 into 3.2
...
Conflicts:
admin/javascript/LeftAndMain.js
control/HTTPRequest.php
docs/en/00_Getting_Started/00_Server_Requirements.md
2016-04-26 00:09:33 +01:00
Daniel Hensby
817b836870
FIX getIP from behind a load-balancer that adds many IPs to the header
2016-03-01 21:07:48 +00:00
Ingo Schommer
37059eb6b3
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:47:16 +13:00
Ingo Schommer
faa94d51d5
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:33:54 +13:00
Peter Thaleikis
e6084b7ad2
adding a space before casting into a different type
2015-09-28 22:21:02 +13:00
Damian Mooyman
8331171f2c
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
.scrutinizer.yml
admin/javascript/LeftAndMain.Panel.js
core/startup/ParameterConfirmationToken.php
dev/Debug.php
dev/FixtureBlueprint.php
docs/en/00_Getting_Started/05_Coding_Conventions.md
docs/en/00_Getting_Started/index.md
docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
filesystem/File.php
filesystem/Folder.php
forms/FieldList.php
forms/LabelField.php
forms/MoneyField.php
forms/TextField.php
forms/TreeDropdownField.php
forms/Validator.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldExportButton.php
lang/de.yml
lang/fi.yml
model/DataObject.php
model/SQLQuery.php
parsers/ShortcodeParser.php
security/ChangePasswordForm.php
security/Security.php
tests/control/DirectorTest.php
tests/core/startup/ParameterConfirmationTokenTest.php
tests/dev/FixtureBlueprintTest.php
tests/forms/FieldListTest.php
tests/forms/MoneyFieldTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
75137dbab2
Ensure only trusted proxy servers have control over certain HTTP headers
2015-05-28 10:12:46 +12:00
Damian Mooyman
dff65867cc
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
control/HTTP.php
control/HTTPResponse.php
docs/en/05_Contributing/01_Code.md
forms/CompositeField.php
forms/FormAction.php
forms/FormField.php
forms/InlineFormAction.php
forms/NumericField.php
forms/TreeDropdownField.php
forms/TreeMultiselectField.php
templates/forms/TreeDropdownField.ss
tests/core/CoreTest.php
tests/forms/NumericFieldTest.php
tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Pedro Rodrigues
77f2c81e3d
Minor typo on HTTPRequest.php
2015-01-24 21:07:40 +01:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
eb069e605d
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Daniel Hensby
4d7c6a206a
Fixing header case
2014-08-13 17:28:36 +01:00
Simon Welsh
8f31352039
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
2014-03-16 09:36:48 +13:00
Igor
7f39fb50a6
updating comments for HTTPRequest - immutability
...
SS_HTTPRequest can be read like an array, e.g. echo $request['a'], but cannot be written like an array, e.g. $request['a'] = 5; Added comment to caution people.
See line 375:
==================================================================
/**
* @ignore
*/
public function offsetSet($offset, $value) {}
/**
* @ignore
*/
public function offsetUnset($offset) {}
==================================================================
Might be good to write something about how you are supposed to modify a request, or what you are supposed to do instead (a redirect?).
2014-03-05 13:21:54 +13:00
Ingo Schommer
455e550d9a
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
docs/en/topics/testing/create-silverstripe-test.md
forms/Form.php
i18n/i18n.php
model/Image.php
2013-09-27 19:22:14 +02:00
Mateusz Uzdowski
1461ae9e4c
BUG Fix regression in IE no-cache https file downloads.
...
Currently IE6-8 will refuse to download files over HTTPS with default
Framework settings.
Currently the HTTP::add_cache_headers completely overrides Cache-Control
headers on each request, so there is no way to inject custom headers
from the API-consuming methods.
Also of note: adding no-store header also fixes the issue but will
prevent proxies from caching the request body (which they do when using
no-cache). So the setting max-age to some low number is a better choice
here.
2013-08-26 17:15:58 +12:00
Ingo Schommer
88536998b9
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
2013-05-31 18:08:59 +02:00
Hamish Friedlander
0ae3050e9e
FIX Allow Director::$rules like //$Action
...
In 3.0, doing $Action => SomeController would redirect all action requests
to that default controller. In 3.1, you need to do //$Action => SomeController
but it didn't work - those initial slashes broke matching
2013-04-29 16:13:37 +12:00
Ingo Schommer
2266638475
Note on usage of HTTP::send_files() for large files (see trac/5125)
2013-04-05 14:03:13 +02:00
Daniel Hensby
9258485aeb
API Adding setURL to HTTPRequest object
...
The current RootURLController needs to be able to change the url of a
request, so I've added it.
2013-02-28 08:50:53 +00:00
Simon Welsh
b0121b541c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 17:33:31 +13:00
Ingo Schommer
56f7ce1dcf
Merge remote-tracking branch 'origin/3.0'
...
Conflicts:
control/Cookie.php
control/Director.php
control/HTTPResponse.php
model/Database.php
model/MySQLDatabase.php
model/SQLQuery.php
view/Requirements.php
view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Zauberfisch
7f1b6cfe26
MINOR: HTTPRequest and HTTPResponse now return $this on all setters
...
MINOR: also added some docs
2012-09-21 22:20:12 +00:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Damian Mooyman
c2a8eec43c
APICHANGE: Changed behaviour of HTTP_Request::params to include route table params (as per 2.4 behaviour, see FIX: below).
...
ADDED: HTTP_Request::params() to retrieve all (shifted) params used in the request
FIXED: Issue where route-table level arguments would not be accessible without using non-deprecated API.
ADDED: Test case to test the above items
UPDATED: Extended Director::test to allow for the retrieval of the request object
UPDATED: Deprecated notice on Director::urlParam and Director::urlParams
REMOVED: Unused variable
FIXED: Coding convention conformity
2012-08-27 10:56:59 +12:00
Will Rossiter
16cb504d8e
API: add $includeGetVars flag for SS_HTTPRequest() to return the URL with the attached GET parameters.
2012-06-29 22:02:30 +12:00
Ingo Schommer
cb8b11812c
API CHANGE Moved RestfulServer into its own module at https://github.com/silverstripe/silverstripe-restfulserver (fixes #7282)
2012-06-04 10:21:29 +02:00
Ingo Schommer
fedb337aa5
BUGFIX Less strict checks for relative URL normalization in SS_HTTPRequest (regression from recent security fixes to Director::is_absolute_url()) (fixes #7359)
2012-05-20 11:16:34 +02:00
Stig Lindqvist
dffae1a2e7
API CHANGE: Do not rely on a specific OS mime type detection, use PHP finfo
...
This also removes the $global_mimetypes that was generating weird errors when both HTTP and Mailer classes tried to modify and use it.
Support of finfo should be straightforward since PHP 5.3 includes that module by default
2012-05-11 11:34:07 +12:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Ingo Schommer
a44b67bae2
API CHANGE Moved RequestHandler->isAjax() to SS_HTTPRequest->isAjax()
2012-04-05 23:00:22 +02:00
Simon Welsh
dd546a9888
BUGFIX Merge request arrays recursively
2011-12-23 17:48:49 +13:00
Ingo Schommer
9b29616710
API CHANGE Rearranged files in sapphire to reflect core dependencies more accurately, and have the tests/ folder mirror its folder structure
2011-03-31 09:56:21 +13:00