155 Commits

Author SHA1 Message Date
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
63eb9518d2 Consistent Form setters (returning $this on setHTMLID()) 2013-06-13 07:51:08 +02:00
Ingo Schommer
bfff11eb9c API New CMSForm class to allow validation responses in CMS (fixes #1777)
Thanks to @willmorgan for getting this discussion started
(see https://github.com/silverstripe/sapphire/pull/1814).
2013-06-13 07:51:05 +02:00
uniun
5596442081 FIX: Form::set_current_action() never gets called. 2013-05-24 11:25:36 +03:00
Ingo Schommer
14c59be85e API Form::setStrictFormMethodCheck() and strict argument to setFormMethod()
Thanks to @sminnee for getting this started
2013-05-08 10:25:13 +02:00
Will Morgan
9732a7fb3b Fixing typo on Validator exception message 2013-04-24 18:50:40 +02:00
uniun
4d70daa9e2 BUG: HiddenFields and VisibleFields should always return extraFields
HiddenFields() and VisibleFields() should always return extraFields, e.g. HiddenFields doesn't return SecurityID if it is called before Fields().
2013-04-17 20:31:17 +02:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
0a9f3b75a9 Fixed deprecated usage of <% control %> 2013-03-19 12:58:14 +01:00
Graeme Smith
a1114b8fcb MINOR: Correct exception message in constructor 2013-02-18 15:01:48 +00:00
Ingo Schommer
14dcc82e76 BUG Find Form actions in CompositeFields for access checks
This bug was introduced with the new nested CMS actions
around December 2012, but wasn't noticed until now
because checkAccessAction() would wrongly return TRUE
before the dataFieldByName() check was reached.
2013-02-18 15:30:36 +01:00
Ingo Schommer
634c91c6ff Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	email/Mailer.php
2013-01-30 12:46:24 +01:00
Sam Minnee
9a2ba483df BUGFIX: Made CSRF-error wording friendlier. 2013-01-29 18:03:49 +01:00
Simon Welsh
3439e30ac1 Corrects indentation and line length 2013-01-24 19:56:02 +13:00
Ingo Schommer
37f4d2e21f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-01-21 11:15:17 +01:00
Ingo Schommer
c11b3918fc Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	admin/css/screen.css
	admin/scss/_style.scss
	core/PaginatedList.php
	email/Mailer.php
2013-01-21 11:14:57 +01:00
Ingo Schommer
5d37d55f35 BUG Form session message clearing regression
Regression originally from 729bcc95, but made visible by 014f541a8
2013-01-21 11:11:21 +01:00
Ingo Schommer
014f541a89 BUG Regression in Form->clearMessage() (fixes #8186)
See 729bcc9
2013-01-15 14:25:07 +01:00
Ingo Schommer
e7e6c45aee Merge pull request #1082 from sminnee/form-improvements
Form improvements
2013-01-11 02:29:14 -08:00
Hamish Friedlander
2916f2043c NEW: Improve HTTP caching logic to automatically disable caching for requests that use the session.
This improvement makes it easier to set a site-wide default cache time without needing to worry about CSRF-protected forms, etc.
2013-01-08 17:47:05 +13:00
Sam Minnee
729bcc95db BUGFIX: Don't clear form messages unless forTemplate() is actually called.
BUGFIX: Clear session-stored form data as well as form error message.
2013-01-08 17:45:17 +13:00
Ingo Schommer
644cc79ebb API Removed methods previously deprecated in 3.0 2012-12-14 01:16:47 +01:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
c55c7c33f8 Merge branch '3.0'
Conflicts:
	admin/code/CMSProfileController.php
	composer.json
	tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Hamish Friedlander
0dd97a38f6 API: Form#loadDataFrom 2nd arg now sets how existing field data is merged with new data 2012-11-16 12:36:00 +13:00
Sean Harvey
b43b023c1e Remove deprecated security token methods on Form
Use SecurityToken class directly instead
2012-11-15 14:43:18 +13:00
Sean Harvey
63820130c2 Remove deprecated Form::FormEncType(), use getEncType() instead 2012-11-15 14:43:17 +13:00
Sean Harvey
4e355bdb19 Removing deprecated methods on Form
Use FieldList API through Form::Fields() and Form::Actions() instead
2012-11-15 14:43:17 +13:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
unclecheese
e2c1deb4f7 MINOR Chainable Form->loadDataFrom() 2012-06-20 17:01:16 +02:00
Sean Harvey
7fe0858be1 API CHANGE Marked Form::unsetFieldFromTab() as deprecated. Please use
Fields() and the FieldList API instead.
2012-05-31 14:29:58 +12:00
Sean Harvey
a84ef8d8f3 MINOR Don't use template method Actions internally in Form 2012-05-24 10:49:47 +12:00
Sean Harvey
c7e0cee637 API CHANGE Add Form->getController() and use this instead of Controller::curr() in FileIFrameField
API CHANGE Add Form->getName() and deprecate Form->Name(), use getName() instead.
2012-05-24 10:46:57 +12:00
Ingo Schommer
c2339d2181 API CHANGE Removed FormResponse handling for erroneous ajax requests in Form->validate(), use javascript validation instead, or reload the whole form with new HTML including the error messages 2012-04-30 17:15:30 +02:00
Mateusz Uzdowski
b561786825 MINOR: change the ugly user-facing CSRF message to more friendly
User does not necessarily know what CSRF is, and tends to get scared by
this, thinking he has abused something. On the other hand users tend to
know what session expiry means.
2012-04-26 13:57:16 +12:00
Ingo Schommer
ee70e0a5b7 MINOR Fixed returns of Form->unsetValidator() 2012-04-17 11:03:09 +02:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Sam Minnee
1d5065f4a7 BUGFIX: Removed reference to non-existent function Form::handleAction(). 2012-03-19 13:10:51 +13:00
Sam Minnee
067204d003 BUGFIX: Prevent 500 error when a HEAD request is sent to its action URL. 2012-03-19 09:26:20 +13:00
Sam Minnee
3d54668896 MINOR: Added explicit 'public' keyword on functions. 2012-03-09 15:42:31 +13:00
Sam Minnee
ba93028b01 API CHANGE: Added Form::VisibleFields() and FieldList::VisibleFields(), which list everything except hidden fields, to assist with the creation of custom form layouts. 2012-03-09 15:41:42 +13:00
Sean Harvey
9f3344b355 API CHANGE Removed built-in behaviour.js client-side form validation.
This is no longer supported. Please use custom client-side validation instead. (see 3.0.0 changelog
for more information)
2012-03-09 12:19:57 +13:00
Ingo Schommer
bcc73de85e Merge branch '106-add-edit-records-rc'
Conflicts:
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/_style.scss
	admin/templates/Includes/LeftAndMain_EditForm.ss
	css/GridField.css
	filesystem/Folder.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldDefaultColumns.php
	forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Ingo Schommer
7602d081a2 ENHANCEMENT Fluent interface in Form API by returning instance from all setters 2012-02-17 13:35:26 +01:00
Andrew O'Neil
a76c9c3c5e BUGFIX Fix checkFieldsForAction() when working with tabs 2012-02-09 11:46:33 +13:00
Stig Lindqvist
39372497df BUGFIX GridField_Actions did not work in more complex Forms with tabsets (i.e SecurityAdmin) when using GridField_Action
BUGFIX Empty GridState data causes isset error
BUGFIX Last field of GridFieldFilter outputs wrong label
2012-01-09 18:41:23 +13:00
Stig Lindqvist
3c516b7b97 API CHANGE: Refactored GridField modifiers into GridField_ColumnProvider, GridField_HTMLProvider, GridField_ActionProvider, and GridField_DataModifier interfaces, all added as components in the config.
API CHANGE: Simplified state handling so that it's just a key store. Affectors are replaced with GridField_ActionProviders. API CHANGE: Removed GridField state manipulation actions instead opting for GridField_ActionProvider actions.
API CHANGE: Removed support for modifiers that add "body" rows, instead having core support for generating the body rows hardcoded into the GridField.
API CHANGE: Allow modification of columns across the whole GridField with the GridField_ColumnProvider interface.
API CHANGE: Renamed GridField_AlterAction to GridField_Action, and added actionName/args parameters, since it can be used for all actions (including batch actions and row actions)
API CHANGE: Removed GridFieldRow class.
2012-01-09 13:30:34 +13:00
Ingo Schommer
72694d8349 ENHANCEMENT Custom form attributes through Form->setAttribute() 2012-01-02 16:49:33 +01:00