Commit Graph

164 Commits

Author SHA1 Message Date
Aaron Carlino
f766555d61 Merge branch '4.2' into 4.3 2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
Robbie Averill
ed74549c4f Merge branch '4.2' into 4.3 2019-02-19 08:39:59 +07:00
Loz Calver
568be8e29b FIX: Misconfiguration for versioned cache segmentation (fixes #8754) 2019-01-25 09:33:21 +00:00
Guy Marriott
b4c8f699eb
FIX Provide alternatives to session for storing GridField_FormAction state 2018-11-30 15:40:45 +13:00
Robbie Averill
cf4b16ed38 FIX Move password complexity requirements into framework 2018-11-08 13:23:53 +02:00
Robbie Averill
da9301f241 Use SilverStripe cache API instead of memory cache, add tests and fix cache config indentation 2018-10-05 14:58:48 +02:00
Robbie Averill
7d90a14f37 NEW Shift Embeddable and EmbedResource from asset-admin, lazy load Embed to allow injected dependencies (#8194) 2018-06-20 11:40:28 +12:00
Damian Mooyman
6b68495c0d
Rename ETagMiddleware to ChangeDetectionMiddleware 2018-06-14 11:16:52 +12:00
Damian Mooyman
687d0a6af1
Refactor everything out of HTTP and into separate middlewares 2018-06-13 17:56:47 +12:00
Damian Mooyman
aa1ba0ef90
Fix inverted condition
Remove unnecessary yml block
Deprecate HTTP::set_cache_age()
2018-06-13 13:56:47 +12:00
Damian Mooyman
442db3050c Manual merge up of 3.x changes to HTTP class 2018-06-13 11:33:45 +12:00
Damian Mooyman
76bf2ab21a WIP of cache middlware 2018-06-13 11:33:45 +12:00
Daniel Hensby
ec956a682d API Moving tests to use transactions 2018-06-13 09:35:45 +12:00
Aaron Carlino
4497f99d89 Remove versioned cache from core caches 2018-05-31 09:03:29 +12:00
Damian Mooyman
e809c0fd62
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-02-15 09:27:51 +13:00
Christopher Joe
f2b82b1f77 Fix docs for configuring before/after a specific config file 2018-02-13 16:31:51 +13:00
Damian Mooyman
c4ff8443bb
API Shift basic auth checking into middleware
Fixes #7554
2017-12-20 11:39:04 +13:00
Damian Mooyman
33b2d50d59
Cache warming in InheritedPermissions::getCachePermissions()
Simplify Group::Members() code
Remove cms-only config
2017-12-12 09:01:43 +13:00
Aaron Carlino
aefb0aeaa8 Make InheritedPermissions use cache and implement cache flushing 2017-12-11 17:50:11 +13:00
Aaron Carlino
eecb9f64d3 Add new InheritedPermissionFlusher extension, CacheFlusher service 2017-12-11 16:46:59 +13:00
Damian Mooyman
9d3277f3d3
BUG Fix forceWWW and forceSSL not working in _config.php
API Introduce CanonicalURLMiddleware
BUG Fix Director::makeRelative() failing on multi-domain sites
2017-10-30 14:42:36 +13:00
Ian Walls
e0c829f471
Fixes issue 5188: X-Forwarded Proto
Removes X-Forwarded-Protocol in favour of the more standard
X-Forwarded-Proto in the default Vary header config.
2017-10-26 12:20:29 +01:00
Christopher Joe
3560a0418d rename TEMP_FOLDER to TEMP_PATH 2017-10-09 12:41:34 +13:00
Damian Mooyman
fa57deeba4
ENHANCEMENT Allow vendor modules with url rewriting
API Introduce ModuleResource feature
2017-09-29 10:28:38 +13:00
Damian Mooyman
f574f6d1b2
Reset test state for modified config options 2017-09-28 17:24:32 +13:00
Damian Mooyman
3a7c8fd0d7
Adjust YML conditionals 2017-09-28 09:15:00 +13:00
Daniel Hensby
51ac297c59
Fixes to ratelimiter and new features 2017-09-27 14:44:38 +01:00
Daniel Hensby
04b1bb816e
NEW RateLimiter for Security controller 2017-09-14 14:23:36 +01:00
Andrew Aitken-Fincham
dc240ce7f3 FIX use correct namespaces for middleware injection 2017-09-06 17:04:31 +01:00
Damian Mooyman
0681567102 BUG Fix flushing on live mode (#7241)
* BUG Fix flushing on live mode
Fixes #7217

* Clarify injector service documentation
2017-08-07 13:53:23 +12:00
Damian Mooyman
078a508d71 API Replace legacy tiny_mce_gzip compressor with asset generator
Fixes https://github.com/silverstripe/silverstripe-admin/issues/74
2017-08-01 13:43:30 +12:00
Daniel Hensby
5bf9ccc235
FIX Deprecated yml syntax 2017-07-21 15:41:44 +01:00
Daniel Hensby
4b66420f54
Remove redundant cache config 2017-07-19 12:37:30 +01:00
Robbie Averill
1a38feff22 FIX Version provider uses early bound config getter, move LeftAndMain config to admin module 2017-07-16 16:49:10 +12:00
Daniel Hensby
7fd316d405
Merge branch 3 into 4 2017-07-15 13:20:37 +01:00
Aaron Carlino
16b66440c2 BUG: Incorrect module delimiter 2017-07-13 13:15:01 +12:00
Aaron Carlino
2b266276c2 API Implement new module sorting pattern 2017-07-13 10:27:27 +12:00
Robbie Averill
ee4d8b4d4e NEW Add new SilverStripeVersionProvider to provider module versions 2017-07-04 23:29:29 +12:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
Sam Minnee
741166e369 API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation

API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation
2017-06-28 16:59:28 +12:00
Damian Mooyman
d20ab50f9d API Stronger Injector service unregistration
BUG Fix up test regressions
FIX director references to request object
API Move all middlewares to common namespace
API Implement RequestHandlerMiddlewareAdapter
ENHANCEMENT Improve IP address parsing
Fix up PHPDoc / psr2 linting
BUG Fix property parsing in TrustedProxyMiddleware
BUG Fix Director::is_https()
2017-06-27 13:32:39 +12:00
Sam Minnee
69fe166897 API: Director::handleRequest() is no longer static - use a Director service
NEW: Add HTMLMiddlewareAware trait to HTTPApplication, Director, and RequestHandler
NEW: Allow service specs to be passed to Director rules.

This refactor of the controller middlewares takes a service definition
approach rather than a static-method-and-config approach that Director
historically had.

The use of a trait for middleware means that the Middlewares array
property can be defined on RequestHandler, Director, and HTTPApplication
objects in the same way.
2017-06-27 13:32:39 +12:00
Sam Minnee
ccc86306b6 NEW: Add TrustedProxyMiddleware
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported

This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Sam Minnee
72a7655e95 NEW: Moved allowed-hosts checking to a middleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
db080c0603 NEW: Move session activation to SessionMiddleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
254204a3a6 NEW: Replace AuthenticationRequestFilter with AuthenticationMiddleware 2017-06-27 13:32:39 +12:00
Sam Minnee
e855622890 NEW: Replace FlushRequestFilter with FlushMiddleware 2017-06-27 13:32:39 +12:00
Sam Minnee
b30f410ea0 API: Deprecate RequestFilter.
NEW: Allow application of HTTPMiddleware to Director.

Director can now use the same HTTPMiddleware objects as the app object.
They can be applied either globally or pre-rule.
2017-06-27 13:32:39 +12:00
Daniel Hensby
b1d8c0308b
Remove asset cache that belongs in assets module 2017-06-23 10:45:41 +01:00