Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie
...
Fixes #8234
2018-07-30 16:41:49 +01:00
Ingo Schommer
259aa06010
DOCS More resilient example domain
...
myapp.com is owned, example.com is specifically reserved for documentation use cases:
https://en.wikipedia.org/wiki/Example.com
[ci skip]
2018-06-26 10:13:36 +12:00
Ingo Schommer
2e1e8e07b9
DOCS Consistent app/ folder and composer use
...
- Stronger wording around "use composer"
- Consistent domain and email address naming
- Removed example for publishing non-composer modules (those shouldn't be encouraged)
- Removed instructions for installing modules from archives
[ci skip]
2018-06-25 10:40:19 +12:00
Damian Mooyman
3ea98cdb13
Migrate documentation from 3.x
2018-06-13 14:50:02 +12:00
Robbie Averill
1505a89a63
Update to include note about auto redirect to HTTPS for basic auth
2018-04-24 16:42:52 +12:00
Damian Mooyman
cdfb413395
Code block whitespace / formatting cleanup
2017-10-27 15:38:27 +13:00
Aaron Carlino
e7274b0ee4
Add namespaces
2017-10-27 12:45:26 +13:00
Aaron Carlino
50c8a02bff
remove tabs
2017-08-07 15:11:17 +12:00
Aaron Carlino
6c0629f025
Remove more deprecated APIs
2017-08-07 14:01:38 +12:00
Aaron Carlino
e4fba5a7b1
add use statements
2017-08-07 14:01:38 +12:00
Aaron Carlino
84feab5a68
Yeah psr2 functions
2017-08-07 14:01:38 +12:00
Aaron Carlino
4c7a068b28
classes psr2
2017-08-07 14:01:38 +12:00
Aaron Carlino
2414eaeafd
Yay, clean arrays
2017-08-07 14:01:38 +12:00
Aaron Carlino
eb1695c03d
Replace all legacy ::: syntax with GFMD tags
2017-08-07 14:01:38 +12:00
Saophalkun Ponlu
63ba092765
FIX Add namespaces in markdown docs ( #7088 )
...
* FIX Add namespaces in markdown docs
* FIX Convert doc [link] to [link-text](link-uri)
2017-07-03 13:22:12 +12:00
Sam Minnee
ccc86306b6
NEW: Add TrustedProxyMiddleware
...
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported
This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Simon Gow
5f82997690
Secure Coding - Security Headers, Force HTTPS and Cookies
...
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed innacurate reference to decendant.
- Consistent spelling
- Databases over DBMSs
2017-04-13 13:59:02 +12:00
Daniel Hensby
6e096f6172
DOCS Updated environment management docs to use .env file
2017-01-31 21:28:51 +00:00
Damian Mooyman
bfd9cb1aca
Rename SS_ prefixed classes ( #5974 )
2016-09-09 18:43:05 +12:00
Ingo Schommer
c96e031367
Moved coding conventions docs into contributing folder
...
Also created a contributing/coding_conventions landing page separately from the PHP ones, since we now need to account for JS and CSS conventions as well
2016-06-13 08:30:44 +12:00
Damian Mooyman
d52db0ba34
Merge 3 into master
...
# Conflicts:
# .travis.yml
# admin/css/ie7.css
# admin/css/ie7.css.map
# admin/css/ie8.css.map
# admin/css/screen.css
# admin/css/screen.css.map
# admin/javascript/LeftAndMain.js
# admin/scss/_style.scss
# admin/scss/_uitheme.scss
# control/HTTPRequest.php
# core/Object.php
# css/AssetUploadField.css
# css/AssetUploadField.css.map
# css/ConfirmedPasswordField.css.map
# css/Form.css.map
# css/GridField.css.map
# css/TreeDropdownField.css.map
# css/UploadField.css
# css/UploadField.css.map
# css/debug.css.map
# dev/Debug.php
# docs/en/00_Getting_Started/00_Server_Requirements.md
# docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
# docs/en/02_Developer_Guides/06_Testing/index.md
# docs/en/02_Developer_Guides/14_Files/02_Images.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Extend_CMS_Interface.md
# filesystem/File.php
# filesystem/Folder.php
# filesystem/GD.php
# filesystem/Upload.php
# forms/ToggleField.php
# forms/Validator.php
# javascript/lang/en_GB.js
# javascript/lang/fr.js
# javascript/lang/src/en.js
# javascript/lang/src/fr.js
# model/Image.php
# model/UnsavedRelationList.php
# model/Versioned.php
# model/connect/MySQLDatabase.php
# model/fieldtypes/DBField.php
# model/fieldtypes/Enum.php
# scss/AssetUploadField.scss
# scss/UploadField.scss
# templates/email/ChangePasswordEmail.ss
# templates/forms/DropdownField.ss
# tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
# tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
# tests/forms/EnumFieldTest.php
# tests/security/MemberTest.php
# tests/security/MemberTest.yml
# tests/security/SecurityTest.php
2016-04-29 17:50:55 +12:00
Daniel Hensby
745faebd81
Merge 3.2 into 3.3
...
Conflicts:
.travis.yml
2016-04-26 00:17:09 +01:00
Damian Mooyman
b8e7f9a934
Standardise spelling of "customise"
...
Fixes #3988
2016-03-30 13:17:28 +13:00
Ingo Schommer
f36b110db3
Merge remote-tracking branch 'origin/3.3'
2016-03-04 17:06:04 +13:00
Damian Mooyman
24a6c53645
Merge branch '3.2' into 3.3
...
# Conflicts:
# admin/code/ModelAdmin.php
# lang/cs.yml
# lang/lt.yml
# lang/sk.yml
2016-02-29 17:03:22 +13:00
Damian Mooyman
2c1f837442
Merge branch '3.1' into 3.2
...
# Conflicts:
# docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
# docs/en/01_Tutorials/03_Forms.md
# docs/en/02_Developer_Guides/00_Model/08_SQL_Query.md
# docs/en/02_Developer_Guides/00_Model/10_Versioning.md
# docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
# docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
# docs/en/02_Developer_Guides/09_Security/01_Access_Control.md
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/14_Files/index.md
# lang/cs.yml
# lang/fi.yml
# lang/sk.yml
2016-02-29 16:59:20 +13:00
Damian Mooyman
3b0a9f4ba2
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# admin/javascript/LeftAndMain.Menu.js
# control/HTTPRequest.php
# css/GridField.css
# css/GridField.css.map
# docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
# docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
# docs/en/02_Developer_Guides/06_Testing/index.md
# docs/en/02_Developer_Guides/14_Files/01_File_Management.md
# docs/en/02_Developer_Guides/14_Files/02_Images.md
# filesystem/Upload.php
# javascript/HtmlEditorField.js
# model/Image.php
# model/connect/MySQLDatabase.php
# model/fieldtypes/Enum.php
# model/versioning/Versioned.php
# scss/GridField.scss
2016-02-25 14:51:59 +13:00
Damian Mooyman
5f2d3f31d7
Merge remote-tracking branch 'origin/3.2' into 3.3
...
# Conflicts:
# dev/DevelopmentAdmin.php
# docs/en/02_Developer_Guides/08_Performance/02_HTTP_Cache_Headers.md
# lang/cs.yml
# lang/lt.yml
2016-02-24 17:29:06 +13:00
Damian Mooyman
ff5ed6efeb
Merge remote-tracking branch 'origin/3.2.2' into 3.2
2016-02-24 17:03:43 +13:00
Damian Mooyman
06d5050321
Merge remote-tracking branch 'origin/3.1.17' into 3.1
2016-02-24 16:54:18 +13:00
Ingo Schommer
37059eb6b3
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:47:16 +13:00
Ingo Schommer
faa94d51d5
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:33:54 +13:00
Ingo Schommer
893e49703d
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-18 17:28:54 +13:00
David Alexander
903379bde2
DOCS 3.2 : fixing api: links now that api: tag parser working
...
fixed a couple of external links
fixed a docs link
2016-02-17 18:02:38 -07:00
David Alexander
febbd35b51
DOCS 3.1 : fixing api: links
...
missed one
2016-02-17 03:00:22 -07:00
Damian Mooyman
e6b877df27
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# control/Director.php
# control/HTTP.php
# core/startup/ParameterConfirmationToken.php
# docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md
# docs/en/00_Getting_Started/04_Directory_Structure.md
# docs/en/00_Getting_Started/05_Coding_Conventions.md
# docs/en/01_Tutorials/01_Building_A_Basic_Site.md
# docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
# docs/en/01_Tutorials/03_Forms.md
# docs/en/01_Tutorials/04_Site_Search.md
# docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
# docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
# docs/en/02_Developer_Guides/13_i18n/index.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
# docs/en/03_Upgrading/index.md
# docs/en/changelogs/index.md
# docs/en/howto/customize-cms-menu.md
# docs/en/howto/navigation-menu.md
# docs/en/index.md
# docs/en/installation/index.md
# docs/en/installation/windows-manual-iis-6.md
# docs/en/misc/contributing/code.md
# docs/en/misc/contributing/issues.md
# docs/en/misc/module-release-process.md
# docs/en/reference/dataobject.md
# docs/en/reference/execution-pipeline.md
# docs/en/reference/grid-field.md
# docs/en/reference/modeladmin.md
# docs/en/reference/rssfeed.md
# docs/en/reference/templates.md
# docs/en/topics/commandline.md
# docs/en/topics/debugging.md
# docs/en/topics/email.md
# docs/en/topics/forms.md
# docs/en/topics/index.md
# docs/en/topics/module-development.md
# docs/en/topics/modules.md
# docs/en/topics/page-type-templates.md
# docs/en/topics/page-types.md
# docs/en/topics/search.md
# docs/en/topics/testing/index.md
# docs/en/topics/testing/testing-guide-troubleshooting.md
# docs/en/topics/theme-development.md
# docs/en/tutorials/1-building-a-basic-site.md
# docs/en/tutorials/2-extending-a-basic-site.md
# docs/en/tutorials/3-forms.md
# docs/en/tutorials/4-site-search.md
# docs/en/tutorials/5-dataobject-relationship-management.md
# docs/en/tutorials/building-a-basic-site.md
# docs/en/tutorials/dataobject-relationship-management.md
# docs/en/tutorials/extending-a-basic-site.md
# docs/en/tutorials/forms.md
# docs/en/tutorials/index.md
# docs/en/tutorials/site-search.md
# main.php
# model/SQLQuery.php
# security/ChangePasswordForm.php
# security/MemberLoginForm.php
# tests/control/ControllerTest.php
# tests/core/startup/ParameterConfirmationTokenTest.php
# tests/model/SQLQueryTest.php
# tests/security/SecurityTest.php
# tests/view/SSViewerTest.php
# view/SSTemplateParser.php
# view/SSTemplateParser.php.inc
# view/SSViewer.php
2016-01-20 13:16:27 +13:00
Damian Mooyman
5d240feaec
Merge remote-tracking branch 'origin/3.2' into 3.3
2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac
Merge remote-tracking branch 'origin/3.1' into 3.2
...
# Conflicts:
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
# docs/en/03_Upgrading/index.md
# docs/en/05_Contributing/01_Code.md
# forms/TreeMultiselectField.php
# security/Permission.php
2016-01-19 14:00:19 +13:00
David Alexander
5c99e33eb2
DOCS 3.1 - fixes broken internal links
2016-01-14 23:59:53 +13:00
Damian Mooyman
037467beae
API Asset Access Control implementation
2016-01-13 18:18:22 +13:00
Damian Mooyman
3e7eecf978
API Remove SQLQuery
2015-10-23 16:26:04 +13:00
Stevie Mayhew
1b57e0ca5b
FEATURE: implement getter and setter usage for response
2015-08-29 10:24:06 +12:00
Damian Mooyman
4d37e21bc6
Cleanup 3.2 changelog for release
2015-06-15 16:19:08 +12:00
Damian Mooyman
8331171f2c
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
.scrutinizer.yml
admin/javascript/LeftAndMain.Panel.js
core/startup/ParameterConfirmationToken.php
dev/Debug.php
dev/FixtureBlueprint.php
docs/en/00_Getting_Started/05_Coding_Conventions.md
docs/en/00_Getting_Started/index.md
docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
filesystem/File.php
filesystem/Folder.php
forms/FieldList.php
forms/LabelField.php
forms/MoneyField.php
forms/TextField.php
forms/TreeDropdownField.php
forms/Validator.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldExportButton.php
lang/de.yml
lang/fi.yml
model/DataObject.php
model/SQLQuery.php
parsers/ShortcodeParser.php
security/ChangePasswordForm.php
security/Security.php
tests/control/DirectorTest.php
tests/core/startup/ParameterConfirmationTokenTest.php
tests/dev/FixtureBlueprintTest.php
tests/forms/FieldListTest.php
tests/forms/MoneyFieldTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
0319f7855b
FIX Incorrect env setting in 3.1.13
2015-06-02 12:27:08 +12:00
Marcus Nyeholt
9c8fa51321
FIX Allow users to specify allowed hosts
...
Allow users to explicitly state which Hosts are allowed to be requested via
this application instance to avoid Host: header forgery attacks.
2015-05-28 15:58:39 +10:00
Damian Mooyman
75137dbab2
Ensure only trusted proxy servers have control over certain HTTP headers
2015-05-28 10:12:46 +12:00
Damian Mooyman
319b96b48b
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
docs/en/05_Contributing/01_Code.md
forms/TreeDropdownField.php
model/DataObject.php
security/Member.php
tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00
Fred Condo
82ed86f6cd
DOCS: correct broken links
...
- Correct internal links between documentation pages
- Delete defunct links to documentation removed during documentation reorganization
- Restore testing glossary
- Verify by crawling site locally
2015-02-27 16:09:15 -08:00
Damian Mooyman
88fdc75456
Merge remote-tracking branch 'composer/3.1' into 3
...
Conflicts:
.editorconfig
docs/en/00_Getting_Started/00_Server_Requirements.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_IIS7.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_Platform_Installer.md
docs/en/00_Getting_Started/04_Directory_Structure.md
docs/en/00_Getting_Started/index.md
docs/en/01_Tutorials/01_Building_A_Basic_Site.md
docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
docs/en/01_Tutorials/03_Forms.md
docs/en/01_Tutorials/04_Site_Search.md
docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
docs/en/01_Tutorials/index.md
docs/en/02_Developer_Guides/00_Model/01_Data_Model_and_ORM.md
docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md
docs/en/02_Developer_Guides/01_Templates/06_Themes.md
docs/en/02_Developer_Guides/03_Forms/How_Tos/Simple_Contact_Form.md
docs/en/02_Developer_Guides/05_Extending/05_Injector.md
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
docs/en/02_Developer_Guides/10_Email/index.md
docs/en/02_Developer_Guides/11_Integration/01_RestfulService.md
docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
docs/en/02_Developer_Guides/14_Files/index.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/03_CMS_Layout.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Tree.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_Site_Reports.md
docs/en/02_Developer_Guides/18_Cookies_And_Sessions/01_Cookies.md
docs/en/04_Changelogs/3.1.9.md
docs/en/05_Contributing/00_Issues_and_Bugs.md
docs/en/05_Contributing/02_Release_Process.md
docs/en/05_Contributing/03_Documentation.md
filesystem/File.php
filesystem/GD.php
model/DataDifferencer.php
model/Versioned.php
security/BasicAuth.php
security/Member.php
tests/filesystem/FileTest.php
tests/forms/uploadfield/UploadFieldTest.php
tests/model/VersionedTest.php
tests/security/BasicAuthTest.php
2015-01-15 18:52:46 +13:00