It was using $fieldName, which is the CSV field name, not the database
field name. This prevents duplicate detection from working. It now
properly uses $SQL_fieldName
The transactionStart() naming is 3.x, and used by some modules
which are otherwise still 2.x compatible.
Specifically, this was added to avoid branching the payment module
into separate 2.x and 3.x compatible branches.
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.
Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
- Avoid using "if" to check for file existence (use try_files instead)
- Replicate the behavior of the .htaccess files
- TODO: get static error pages to work
Same behaviour as with 3.0 bootstrap.php and the
2.4 cli-script.php (which it is based on).
This allows to use GET switches which are evaluated in _config.php
files, e.g. db=<db-alias> settings for running tests
with various DBs without changing the underlying PHP config.
Due to git limitations, we can't check out the blackcandy
"parent" theme into themes/blackcandy/ directly, since that
would require sharing paths with git repositories of other themes.
The "sanitychecks" group excludes through phpunit.xml.dist.
Removed RestfulService->testHttpErrorWithoutCache()
since its not sufficiently isolated in terms of testing.
Has been refactored in 3.x, but too intrusive to backport.
Changes mainly necessary to get Travis builds passing,
since we don't want to start mucking around with
dynamically generated file-to-url mappings just to
get *unit* tests passing - as opposed to integration-testing
the whole environment incl. webserver.
Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)
More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
