Commit Graph

620 Commits

Author SHA1 Message Date
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that established the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Christopher Joe
d12c986dd5 Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Damian Mooyman
0cd40ca6e5 BUG Fix minor accessors of legacy ->class property 2017-05-25 11:55:12 +12:00
Damian Mooyman
d15b9ee0b0 Response to feedback 2017-05-23 13:50:35 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
7bc8172bc1 Merge pull request #6937 from caffeineinc/2930-checkboxfield-invalid-html
CheckboxField creates invalid HTML when required #2939
2017-05-22 13:44:58 +12:00
Simon Gow
cdc03602ed CheckboxField creates invalid HTML when required #2939
- Updated CheckboxField, CheckboxSetField, DropdownField, OptionsetField
 to validate with HTML5 attributes & aria-required.

https://www.w3.org/TR/wai-aria/states_and_properties#aria-required
2017-05-22 12:15:28 +12:00
Damian Mooyman
2aa3b5d5fa Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Damian Mooyman
80bff0d099 Merge pull request #6932 from mikenz/pulls/4.0/treedropdownfield-orphaned
Bugfix: Parent treedropdownfield for an orphaned page is broken
2017-05-22 10:53:33 +12:00
Robbie Averill
f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923 API Consistent use of inst() naming across framework 2017-05-19 14:38:06 +12:00
Mike Cochrane
31578d4771 Bugfix: Parent treedropdownfield for an orphaned page is broken 2017-05-19 12:15:36 +12:00
Ingo Schommer
adbf9d9f71 Process actions on Form subclasses
Regression introduced through https://github.com/silverstripe/silverstripe-framework/issues/6362.

Quote from the RFC:

```
Thus the order of action precedence becomes

action callback
action on the Form
action on the FormRequestHandler
action on any parent controller (if given)
```
2017-05-18 22:47:39 +12:00
Damian Mooyman
8ed675d29b Merge pull request #4542 from patricknelson/issue-4417-validator-remove-validation-master
FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling.
2017-05-18 09:27:48 +12:00
Christopher Joe
0534a5ec0c Fix TreeDowndropField copying 2017-05-17 16:52:21 +12:00
Christopher Joe
287ad35f0d Fix change API to hasEmptyDefault() to be inline with SingleSelectField 2017-05-17 10:13:54 +12:00
Christopher Joe
3927e7e248 Fix added cache key for TreeDropdownField cache 2017-05-17 10:13:54 +12:00
Christopher Joe
6869e450a0 Enhancement added customisable emptyTitle and a showRootOption property in TreeDropdownField 2017-05-17 10:13:54 +12:00
Patrick Nelson
5fa3c85280 FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling. 2017-05-16 12:58:00 +01:00
Saophalkun Ponlu
1ec7c4e523 Fix lint error 2017-05-16 11:53:23 +12:00
Saophalkun Ponlu
a975b88661 Pass autofocus flag to front-end 2017-05-16 11:53:23 +12:00
Daniel Hensby
e741af9127 Merge branch 'pull/6905' 2017-05-12 12:21:02 +01:00
Ralph Slooten
43a122cc36 Fix for meta closing tags
Prevent html errors when FormField::create_tag('meta') is called from $MetaTags() so
```
<meta name="generator" content="SilverStripe - http://silverstripe.org"></meta>
```
becomes
```
<meta name="generator" content="SilverStripe - http://silverstripe.org" />
```

Add all void elements to list
2017-05-12 08:49:15 +12:00
Christopher Joe
edcb220e4a Enhancement add EmailLink form factory server-side 2017-05-11 09:57:55 +12:00
Christopher Joe
c58dc97d39 Fix optional $id param because of how methodSchema passes a parameter 2017-05-11 09:57:55 +12:00
Christopher Joe
2ee0d99806 Enhancement switch FormFactories to use RequestHandler instead of Controller 2017-05-11 09:57:55 +12:00
Christopher Joe
403f4db14d Fix change titles to return schema values in schema
Enhancement Add EditorExternalLink call for toolbar
2017-05-11 09:57:55 +12:00
Aaron Carlino
4af71b9ed7 Pulls/4/remove reliance on admin dir (#6876)
* Stop relying on external constants

* Revise getTinyMCEPath method to throw exception when no path can be computed

* Throw exception on no gzip, better admin module check
2017-05-10 13:18:44 +12:00
Saophalkun Ponlu
fd51f35bc2 Update tests 2017-05-09 16:52:32 +12:00
Saophalkun Ponlu
97dac7028c De-couple schema type and type attribute 2017-05-09 16:50:33 +12:00
Sam Minnée
33119a1f36 Merge branch 'master' into pulls/4.0/remove-deprecated-methods 2017-05-09 15:31:53 +12:00
Ingo Schommer
1d438d3fb5 API Remove deprecated FormAction::createTag() 2017-05-09 11:38:35 +12:00
Ingo Schommer
bbf15ab9f1 Allow type override in FormAction 2017-05-09 11:16:41 +12:00
Ingo Schommer
0d9b383631 API Removed legacy form fields (fixes #6099) 2017-05-09 11:16:41 +12:00
Aaron Carlino
afd1575267 ENHANCEMENT GridField passes in context for canCreate 2017-05-09 09:15:09 +12:00
Aaron Carlino
c99ed2d262 Reorganise i18n keys 2017-05-08 23:34:39 +12:00
Uncle Cheese
d51c4891e2 New namespaced i18n keys 2017-04-28 14:59:42 +12:00
Uncle Cheese
494cbd1875 Ran upgrader for lang files 2017-04-28 14:59:42 +12:00
Ingo Schommer
22f232ed4d Mark up <time> in validation errors
Allow better localisation of values in JS
2017-04-27 21:44:52 +12:00
Ingo Schommer
cbe534c675 Fixed component capitalisation 2017-04-27 15:36:18 +12:00
Ingo Schommer
94b49e3e28 Removed unused field 2017-04-27 15:36:11 +12:00
Ingo Schommer
60706c8efd Store $value in ISO and server timezone consistently, fix min/max timezone handling 2017-04-27 14:59:11 +12:00
Ingo Schommer
628fd216ad PHPDoc fixes 2017-04-27 11:56:23 +12:00
Ingo Schommer
f01a20d5c4 Only used normalised ISO on HTML5 2017-04-27 11:56:18 +12:00
Ingo Schommer
de8abe1167 API rename 2017-04-27 11:53:43 +12:00
Ingo Schommer
b852a76334 Consistent schema keys 2017-04-27 11:47:04 +12:00
Ingo Schommer
14b3468eee Removed setting format in getter
That’s already handled in getFormatter()
2017-04-27 11:09:59 +12:00
Ingo Schommer
655b047d80 Removed superfluous methods 2017-04-27 11:09:43 +12:00
Ingo Schommer
d3afa0c3b5 Remove array check since setSubmittedValue() no longer supports it 2017-04-27 10:59:44 +12:00
Ingo Schommer
958736502a Removed “T” str_replace, more comments 2017-04-27 10:32:22 +12:00
Ingo Schommer
1ec2abe75f Fixed timezone and normalised ISO handling
A few observations:
- ISO says “T” is optional (https://en.wikipedia.org/wiki/ISO_8601#cite_note-21),
- WHATWG says in the HTML5 spec that it’s optional (https://html.spec.whatwg.org/multipage/infrastructure.html#local-dates-and-times)
- W3C says it’s required in 1997 (https://www.w3.org/TR/NOTE-datetime), but then later says it’s optional in its HTML5 spec (https://www.w3.org/TR/html5/infrastructure.html#floating-dates-and-times).
- Chrome doesn’t parse values with whitespace separators (requires "T")
- DataObject DBDatetime values and database columns use whitespace separators (and will have many devs relying on this format)
- MySQL only supports whitespace separators (https://dev.mysql.com/doc/refman/5.7/en/datetime.html)
- SQLite can parse both ways (https://sqlite.org/lang_datefunc.html)

So the goal here is to retain ORM/database compatibility with 3.x (whitespace separator),
while exposing "T" separators to the browser in HTML5 mode.

Regarding timezones, this fixes a regression where setValue() would not actually
apply the timezone (last $value assignment is ineffective now that sub fields are removed).
2017-04-26 22:55:29 +12:00
Ingo Schommer
e97783b057 Better second handling 2017-04-26 22:45:08 +12:00
Ingo Schommer
d2132e85db More specific localisations 2017-04-26 22:45:07 +12:00
Saophalkun Ponlu
dba1f61f13 Fix tests related to date time 2017-04-26 22:45:07 +12:00
Saophalkun Ponlu
9d7eef7cf3 Fix datetime field validation for the refactor 2017-04-26 22:45:07 +12:00
Saophalkun Ponlu
4a70662940 Pass html5 flag to front-end 2017-04-26 22:45:07 +12:00
Saophalkun Ponlu
9f8fe88eea Refactor DateTimeField not to use DateField and TimeField 2017-04-26 22:45:07 +12:00
Saophalkun Ponlu
81a21f68cd Add 'lang' attribute to front-end date field schema 2017-04-26 22:45:06 +12:00
Damian Mooyman
0791b387b8 API Update serialisation of JSON tree data
Update TreeDropdownField schema
2017-04-26 17:30:10 +12:00
Saophalkun Ponlu
68041f4265 Wrap selection group input in label 2017-04-26 13:54:06 +12:00
Damian Mooyman
136b67f597 API Major refactor of Hierarchy into MarkedSet 2017-04-13 16:27:13 +12:00
Damian Mooyman
f38ae1d837 Cleanup phpdocs on DatetimeField 2017-04-13 14:00:30 +12:00
Damian Mooyman
e61257c27b API Update embed/embed to 3.0
API Better shortcode generation for embed shortcodes
2017-04-04 10:20:08 +12:00
Christopher Joe
2c5e482de0 Add LabelField component definition 2017-04-04 10:20:08 +12:00
Ingo Schommer
e3fbd1dcac Fixed coding conventions 2017-04-03 20:54:25 +12:00
Ingo Schommer
3b94d14e42 MERGE 2017-04-03 12:11:21 +12:00
Ingo Schommer
326aa37ea4 API HTML5 date/time fields, remove member prefs (fixes #6626) 2017-03-31 15:21:47 +13:00
Ingo Schommer
ac6d4f3038 Move DateField->placeholders to subclass
It’s only used there
2017-03-31 14:15:21 +13:00
Damian Mooyman
a07a9bffc4 API Add FormRequestHandler::forTemplate() for backwards compatibility 2017-03-13 12:51:37 +13:00
Damian Mooyman
0c41a97a8b API Refactor Form request handling into FormRequestHandler
API Add HasRequestHandler interface
API Refactor Link() and url handling behaviour from Controller into RequestHandler
API RequestHandler classes now must define url_segment to have a default Link()
API Clean up redirectBack()
2017-03-10 15:04:33 +13:00
Christopher Joe
50deb17763 API remove UploadField, AssetField and associated files
Fixes #6481
2017-03-09 10:16:46 +13:00
Damian Mooyman
3362e15a29 API Upgrade code to use updated config 2017-02-27 16:54:01 +13:00
Damian Mooyman
1d49c4afe9 API Remove non-asset-admin TinyMCE media dialog
API Split ssplugin into ssmedia and sslink plugins
2017-02-27 10:38:23 +13:00
Damian Mooyman
bab52e2403 Tweak dropdownfield 2017-02-27 10:38:23 +13:00
Christopher Joe
98ecaf9bd0 Change UploadField to TreeDropdownField for modal fields
Change UploadField to abstract placeholder FileHandleField for non-modal fields
2017-02-27 10:38:23 +13:00
Daniel Hensby
7156da6279 Merge branch '3' 2017-02-20 22:19:33 +00:00
Ingo Schommer
b7bed18192 Mark setShowCalendar() as experimental 2017-02-16 10:55:07 +13:00
Ingo Schommer
80723c077b Reinstated separated DateField functionality 2017-02-16 09:06:14 +13:00
Damian Mooyman
014f0d23ed API Create SeparatedDateField
API Restrict allowed values parsed via DBDate::setValue
API Remove NumericField_Readonly
API Remove DBTime::Nice12 / Nice24
2017-02-15 11:07:58 +13:00
Damian Mooyman
029a8b9586 API Substitute Zend_Currency with NumberFormatter based solution
API Substitute Zend_Locale with Locale / NumberFormatter
API Substitute Zend_Date with IntlDateFormatter
API Added DBTIme::Nice12, FormatFromSettings
API Added Short() method to DBDate / DBTime / DBDatetime
API Add Date::getTimestamp()
API Added setSubmittedValue api for FormField
API Add second arg to base FormField::setValue()
API Major refactor of i18n into component data parts
API Implement Resettable interface to reset objects between tests
ENHANCEMENT Changed DBField::create_field return type to `static` to support better type hinting
ENHANCEMENT i18nTextCollector supports __CLASS__
2017-02-09 15:28:59 +13:00
Colin Tucker
34398b0faa Cast SmallFieldHolder to HTMLFragment - fixes #6568 2017-01-27 09:16:58 +11:00
Damian Mooyman
8a07c56bdf API Replace i18n message localisation with symfony/translation
API Implement enhanced pluralisation
Remove Zend_Translate and all Zend dependencies from i18n
Deprecated $context from i18n::_t()
Warn on missing default string for i18n::_t()
2017-01-25 17:08:12 +13:00
Lee Bradley
6000e3ba16 GridFieldAddExistingAutocompleter: Make Search Response HTTPResponse
Also adds the 'text/json' Content-Type header
2017-01-17 10:03:07 +00:00
Robbie Averill
ce38f1f1fd API Enhancement: Allow "removeComponentsByType" to remove multiple component"s" 2017-01-13 23:30:30 +13:00
Daniel Hensby
747c0770e7 Merge pull request #6446 from robbieaverill/feature/controllers-without-underscores
API Allow controller discovery without underscores (PSR-2 compliance)
2017-01-11 15:27:56 +00:00
Damian Mooyman
b52a963ed7 ENHANCEMENT Remove jquery-ui button() api from default HTML editor dialog 2017-01-11 17:04:20 +13:00
Damian Mooyman
6b5efb91fd Merge pull request #6434 from open-sausages/features/4.0/ui-button-refresh
Refresh CMS UI buttons to new flat style and bootstrap classes
2017-01-11 14:22:25 +13:00
Damian Mooyman
d9034f5bfc Remove redundant CMSSecurity.js dist file
Cleanup GridFieldFilterHeader / GridFieldSortableHeader
2017-01-11 12:00:01 +13:00
Robbie Averill
c620063608 DOCS Update docs to reference PageController without an underscore, implement some PSR-2 2017-01-11 09:59:28 +13:00
Daniel Hensby
a996e20e79 Merge pull request #6450 from mikenz/page-to-sitetree
ENHANCEMENT: Use SiteTree instead of Page class in more places
2017-01-10 16:02:15 +00:00
Daniel Hensby
f3b6bb1470 Merge branch '3' 2017-01-10 14:31:07 +00:00
Damian Mooyman
b62f9b60a0 BUG Fix broken member / group import
BUG GridFieldImportButton no longer only works on ModelAdmin
2017-01-10 17:57:54 +13:00
Christopher Joe
8118448a9c Fix PHP linting issues 2017-01-10 11:34:50 +13:00
Will Rossiter
56c2363909 Implement feedback fixes
Enhancement Fix ModelAdmin import form not POSTing to correct form
2017-01-10 11:05:58 +13:00
Paul Clarke
e893fc4c51 Enhancement improve secondary action colours
Enhancement add accessibility info to page number
Enhancement new font icons added, improve trash icon and increase icon size of close
Enhancement improve title of gridfield search trigger
Enhancement add title to button to open gridfield search and improve gridfield search styles
API Shortcode fails if no parent
API JQuery-UI classes removed
Enhancement centre actions tabs within dropup in more-actions
Enhancement fix IE input height issue and fix for safari of icons in buttons with hidden text (e.g. pagination)
Enhancement only show external link on hover
2017-01-10 10:55:34 +13:00
Will Rossiter
ddc9a9c6d6 Enhancement Fix up buttons within gridfield search
Enhancement Fix up batch actions button
2017-01-10 10:53:10 +13:00
Paul Clarke
7b90ee137d Enhancement resize icon to sit inline and increase size of search icon and Upload icon
Enhancement remove float from buttons as already aligned inline
Enhancement Align buttons in toolbar more consistently
API remove ui overrides
API ss-ui-button no longer exists so styles were not seen, removed nesting
2017-01-10 10:51:07 +13:00
Will Rossiter
cb6ec11f1b Enhancement Implement import CSV icon and tidy up import forms
Enhancement Tidy up permission icons to new icon library
WIP The modal is a short term workaround until the UI is all react based but we wanted to do some cleanup prior to 4 release
API Remove ssui.button
Enhancement Update buttons to new flat bootstrap style
2017-01-10 10:49:15 +13:00
Paul Clarke
178bd480eb API Changes required for asset search behaviour 2017-01-09 14:55:20 +13:00
Mike Cochrane
0cf477d36e Use SiteTree instead of Page class in more places 2017-01-03 20:37:17 +13:00
Daniel Hensby
664c0eafbe Merge branch '3' 2016-12-28 14:30:54 +00:00
Daniel Hensby
ba39e552a2 Merge branch '3' 2016-12-15 12:20:29 +00:00
Damian Mooyman
6e589aac75 API Updates to Form, ValidationResponse, ValidationException
API Implement form schema "errors" handling
2016-12-09 14:24:11 +13:00
Sam Minnee
6650561dac Don't use session and FormSchema to manage server-side React validation responses 2016-12-09 10:27:23 +13:00
Damian Mooyman
6b06fd9f2d API Add buttonTooltop to PopoverField and fix critical positioning issue 2016-12-07 13:06:35 +13:00
Daniel Hensby
c6d43b477e Merge branch '3' 2016-11-29 13:27:49 +00:00
Damian Mooyman
bc19b2a491 PSR2 cleanup 2016-11-29 16:18:48 +13:00
Damian Mooyman
d4abfea4eb Rename Uploadable -> UploadReceiver and FileUploadable -> FileUploadReceiver 2016-11-29 16:16:16 +13:00
Damian Mooyman
7cba50e3a5 API Refactor UploadField, FileField and AssetField into traits Uploadable and FileUploadable 2016-11-29 16:15:59 +13:00
Damian Mooyman
1b1e921e3d PSR2: Whitespace-only changes 2016-11-29 12:31:16 +13:00
Damian Mooyman
6e8304ff2f API Namespace framework tests 2016-11-23 19:25:12 +13:00
Christopher Joe
875811fdfd API Create loading state for schema
API Create stateOverride state for schema
Enhancement Moved crumbs property to rely on redux state
Enhancement Updated file app icon names
API Added InsertMediaModal functionality to HtmlEditorField
API Removed dependency on schema ID that is returned from server
API Added afterMessages property for FormBuilder to display content after the alert message
2016-11-22 16:58:00 +13:00
Daniel Hensby
bcc21c2403 Merge branch '3' 2016-11-10 01:09:35 +00:00
Christopher Joe
8a7ea044ac Added validator class to decouple validation library from FormBuilder
Added required rule priority logic and fix styling of error messages
2016-11-03 10:39:53 +13:00
Christopher Joe
0901de2995 BUG Fix php schema generation 2016-11-03 10:26:39 +13:00
Damian Mooyman
1142757c21 API Add 'validation' to form schema 2016-11-03 10:07:24 +13:00
Damian Mooyman
38fdafb474 Fix tinymce breaking in non-typical install location 2016-11-01 17:40:59 +13:00
Sam Minnee
7a10c194bd NEW: Move code files into src/ folder.
This updates framework to be more in keeping with PHP conventions.
2016-11-01 13:37:24 +13:00