Commit Graph

76 Commits

Author SHA1 Message Date
Ingo Schommer
fedb337aa5 BUGFIX Less strict checks for relative URL normalization in SS_HTTPRequest (regression from recent security fixes to Director::is_absolute_url()) (fixes #7359) 2012-05-20 11:16:34 +02:00
Sean Harvey
e5e8f489a2 Merge branch (pull request #247) 'template-global-fixes' of https://github.com/sminnee/sapphire into sminnee-template-global-fixes 2012-05-19 15:39:59 +12:00
Marcus Nyeholt
b269badfbe FEATURE: Added dependency injector for managing creation of new objects and their dependencies.
API CHANGE: Pass Object::create() calls to Injector::create().
API CHANGE: Add "RequestProcessor" injection point in Director, that Director will call preRequest() and postRequest() on.
2012-05-18 12:39:57 +12:00
Sean Harvey
78423c1bd0 BUGFIX Ensure HTTP::get_mime_type() checks the full path in
file_exists() before using the finfo class
2012-05-18 09:22:02 +12:00
Sean Harvey
c9bcfd49ec BUGFIX Only use finfo if the file exists, otherwise the MIME type
detection won't work, such as in the case of HTTPRequest::send_file()
2012-05-17 14:54:30 +12:00
Stig Lindqvist
7d9cf5b365 MINOR Use File::get_file_extension for fallback mime-type detection 2012-05-15 10:03:00 +12:00
Stig Lindqvist
c9bc485f34 MINOR Failover to configuration if the finfo module doesn't exists when getting file mime-type. 2012-05-14 10:04:35 +12:00
Simon Welsh
3f3e34a109 BUGFIX: Director::protocol() was returning https when $_SERVER['HTTPS'] was an empty value. 2012-05-13 20:44:16 +12:00
Ingo Schommer
a0c0154dac Merge pull request #429 from halkyon/http_changes
API CHANGE Removed old HTTP::sendRequest() and HTTP::sendPostRequest()
2012-05-11 01:03:22 -07:00
Sean Harvey
1616bae730 MINOR Adding phpdoc to HTTP::get_mime_type() 2012-05-11 14:05:40 +12:00
Stig Lindqvist
dffae1a2e7 API CHANGE: Do not rely on a specific OS mime type detection, use PHP finfo
This also removes the $global_mimetypes that was generating weird errors when both HTTP and Mailer classes tried to modify and use it.

Support of finfo should be straightforward since PHP 5.3 includes that module that default
2012-05-11 11:34:07 +12:00
Sean Harvey
8a46e38613 API CHANGE Removed old HTTP::sendRequest() and HTTP::sendPostRequest()
functions which are sparsely used, and not maintained or tested. Use custom code instead.
2012-05-11 11:04:51 +12:00
Ingo Schommer
59d31c2fc2 MINOR Removed mbstring support checks, its an installation requirement 2012-05-08 15:32:15 +02:00
Ingo Schommer
d5b3dbc6fb SECURITY Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
SECURITY More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-05-04 12:10:59 +02:00
Ingo Schommer
68051fdb96 Merge pull request #371 from halkyon/sapphire
---

Dont start the session until its actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
0882741f54 API CHANGE Renamed setModel for DataModel instances to setDataModel for
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Sean Harvey
f63d137d49 ENHANCEMENT Session::start() now only called when there is changed
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Sean Harvey
bd6ca59558 ENHANCEMENT Adding list-style in addition to list-style-image for URL rewrites 2012-04-27 11:20:05 +12:00
Fred Condo
4756b97daa BUGFIX: absoluteURLs() rewrites URLs in list-style-image elements
This applies the patch from and resolves #6798
2012-04-26 14:53:09 -07:00
Will Rossiter
8e8c1302a2 Merge pull request #360 from joaosantos81/master
MINOR: clear_all returns void (and not the result of inst_clearAll() invocation)
2012-04-22 01:49:53 -07:00
joaosantos81
611cd53be8 inst_clearAll() does not return anything so clear_all() method should not expect any return value from inst_clearAll invocation 2012-04-20 18:36:11 +02:00
Sean Harvey
4c6be2931b BUGFIX Removing use of deprecated Object static functions like
get_static(), set_static(), uninherited() etc. Replace with equivalent
Config system get(), update()
2012-04-18 23:10:57 +12:00
Sean Harvey
effc654009 MINOR Moved ModulePath to GenericTemplateGlobalProvider 2012-04-15 10:50:21 +12:00
Sean Harvey
8949dfa691 ENHANCEMENT Replaced locations of sapphire with $ModulePath(framework) in templates, based off Controller which implements TemplateGlobalProvider 2012-04-15 10:50:20 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814 MINOR Add newline to end of files without one 2012-04-15 10:50:19 +12:00
Andrew O'Neil
d368f3605b MINOR: Remove default paramenter from handleRequest() so it complies with the interface correctly. Fixes E_STRICT warning. 2012-04-11 17:20:49 +12:00
Sam Minnee
e01b0aa3d0 ENHANCEMENT PjaxResponseNegotiator for more structured partial ajax refreshes, applied in CMS and GridField. Also fixes issues with history.pushState() and pseudo-redirects on form submissions (e.g. from page/add to page/edit/show/<new-record-id>) 2012-04-05 23:00:22 +02:00
Ingo Schommer
a44b67bae2 API CHANGE Moved RequestHandler->isAjax() to SS_HTTPRequest->isAjax() 2012-04-05 23:00:22 +02:00
Sean Harvey
58e912d4d7 MINOR Removed check for PHP versions less than 5.2 in Cookie 2012-04-03 09:54:55 +12:00
Gareth Foster
21d52d3852 BUGFIX #7018 This stops an infinite loop when Depreciation::notice is called from set_dev_servers(). This doesn't stop people from setting $dev_servers directly (not that it is used in the core code anywhere). 2012-03-24 15:57:49 +13:00
Sam Minnee
a2c1858892 BUGFIX: Return a 404, not a 500, if an invalid action is asked for on a RequestHandler. 2012-03-19 13:10:48 +13:00
Sam Minnee
8bbfa970d7 API CHANGE: Remove Controller::Now(), as it was only ever a template global provider, and use the new TemplateGlobalProvider interface on SS_Datetime instead. 2012-03-16 15:05:28 +13:00
Sam Minnee
6c35588eda API CHANGE: Rename 'PastMember' to 'IsRepeatMember' in templates.
API CHANGE: Move Controller::PastMember() to Member::is_repeat_member() in code.
API CHANGE: Removed Controller::CurrentMember(), it was only ever intended as a template global provider.
2012-03-16 15:05:28 +13:00
Ingo Schommer
e6be56e3b4 API CHANGE Removed FormResponse class, use custom HTTP status codes to communicate state on text/html responses, or use text/json for more structured data responses 2012-03-09 23:27:39 +01:00
Ingo Schommer
27fd3e5633 API CHANGE Removed Session::load_config() (no longer supported) 2012-03-09 21:17:18 +01:00
Hamish Friedlander
5ff095e561 BUGFIX: RequestHandler needs some tricks to make sure it knows when allowed_actions hasnt been provided on a class when it has been provided on an extension, now that statics from extensions isnt a feature specific hack 2012-03-09 18:16:45 +13:00
Hamish Friedlander
4315e51358 BUGFIX: Fix deprecated and removed static accessor calls 2012-03-09 18:16:44 +13:00
Mark Stephens
627708e3a8 BUGFIX: add Director::isDev parameter so we can test if we know we're dev mode already without touching the database. Used in showqueries on MySQL, so that errors are avoided when showing queries on initial switch to dev move (#6856) 2012-03-09 14:20:22 +13:00
Ingo Schommer
f9323b398c BUGFIX Type-safe checks for Controller::join_links(), allowing arguments with a value of "0" 2012-03-08 22:20:37 +01:00
Hamish Friedlander
374ed19406 API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic 2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08 APICHANGE: Rename getExposedVariables to match coding conventions 2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717 API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData 2012-03-06 09:11:46 +13:00
Sam Minnee
adfdd068e2 Merge branch 'ereg-to-preg' of https://github.com/AngryPHPNerd/sapphire
Conflicts:
	model/fieldtypes/Date.php
2012-03-05 13:54:20 +13:00
Ingo Schommer
bcc73de85e Merge branch '106-add-edit-records-rc'
Conflicts:
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/_style.scss
	admin/templates/Includes/LeftAndMain_EditForm.ss
	css/GridField.css
	filesystem/Folder.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldDefaultColumns.php
	forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Julian Seidenberg
3936909980 ENHANCEMENT: working delete button 2012-02-27 23:52:48 +01:00
AngryPHPNerd
0e2cbb0b88 Replace ereg with preg_* 2012-02-27 22:14:02 +01:00
Sean Harvey
07f4cd4a78 BUGFIX Fixed undefined method suser_error() in Cookie::set() 2012-02-16 14:59:56 +13:00
Ingo Schommer
5ab007db21 MINOR Removed apache_request_headers() usage in Director::direct(), it causes inconsistencies in capitalisation over the default method (inspecting $_SERVER) 2012-02-14 13:53:35 +01:00