Damian Mooyman
132e9b3e2f
[ss-2015-021] Fix rewrite hash links XSS
2015-11-11 16:52:53 +13:00
Damian Mooyman
1686c83826
Revert #3425 #3396 to restore deprecated functionality
...
Fixes #4514
2015-08-24 11:26:25 +12:00
Damian Mooyman
43f49e8434
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
admin/code/ModelAdmin.php
control/Director.php
model/SQLQuery.php
security/Member.php
tests/control/HTTPTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Christopher Pitt
604c328712
Fixed XSS vulnerability relating to rewrite_hash
2015-03-20 18:17:51 +13:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Nik
6141930f15
Copy SSViewer rewrite_hash_links regexp to SSTemplateParser
...
As this is meant to represent the same functionality in two different
areas, it should behave the same way in both.
2014-09-02 15:20:47 +12:00
Sean Harvey
07eef2ece2
Removing deprecated class/functions marked for deprecation in 3.0/3.1
2014-08-25 12:06:05 +12:00
Simon Welsh
6db96eac8f
Correct errors from differening behaviour between 3.0 and 3.1
2014-03-30 19:29:18 +13:00
Simon Welsh
f9c44e4ceb
Merge branch '3.0' into 3.1
...
Conflicts:
model/Versioned.php
view/SSTemplateParser.php
view/SSViewer.php
2014-03-30 18:15:12 +13:00
Damian Mooyman
4415a75d93
BUG Fix issue with versioned dataobjects being cached between stages
2014-03-27 13:17:29 +13:00
Ingo Schommer
ab070944d5
Merge branch 'pulls/apidocs-package-list' of https://github.com/madmatt/silverstripe-framework into madmatt-pulls/apidocs-package-list
...
Conflicts:
view/SSTemplateParser.php
view/SSTemplateParser.php.inc
2014-01-31 15:15:59 +13:00
madmatt
bebe0f6e37
Updating @package and @subpackage doc tags
2013-11-29 17:49:30 +13:00
Cam Spiers
14486902fb
Allow users to extend the SSTemplateParser by defining open & closed blocks
...
Currently the only way the extend SSTemplateParser is to define a class
extension of it and then tell the injector component to use your new
custom class. This new change allows a user to define new "open blocks"
and "closed blocks" for SSTemplateParser to use without needing to
recompile the real SSTemplateParser class.
The following example shows how the functionality can be used
to add a new <% minify %>…<% end_minify %> syntax to the template parser
In a config.yml file, define the new minify closed block to call the
static function "Minifier::minify"
```
Injector:
SSTemplateParser:
properties:
closedBlocks:
minify: "Minifier::minify"
```
Define a new class with the minify static method that returns the new
template code when regenerating templates:
```
class Minifier {
public static function minify(&$res) {
return <<<PHP
{$res['Template']['php']}
\$val = zz\Html\HTMLMinify::minify(\$val, array('optimizationLevel' => zz\Html\HTMLMinify::OPTIMIZATION_ADVANCED));
PHP;
}
}
```
2013-11-04 14:24:58 +13:00
Cam Spiers
ac418ce99e
Feature to allow that changing the SSTemplateParser through the Injector system
...
The motivation for this was to allow module developers to change what parser is used to parse SilverStripe templates.
This change enables people to compile their own version of the SilverStripe template parser and use it without modifying core files.
2013-10-18 12:42:39 +13:00
Jeremy Thomerson
f6ff39369f
FEATURE: <% include %> inherits iterator scope of parent template
2013-07-07 12:39:42 +00:00
Hamish Friedlander
ae3e3f3b44
FIX Arguments to method calls reseting scope
2013-06-25 17:35:16 +12:00
Zauberfisch
034f575003
MINOR: if no doctyle is set, include comments inside <html>
...
MINOR: if <html> tag is inside a html comment do not add a comment
2013-04-22 18:16:09 +00:00
Zauberfisch
94b37f9c85
MINOR: moved includeDebuggingComments logic into own method to allow separated tests
2013-04-22 14:12:43 +00:00
Zauberfisch
7c66e8e7a2
API: try to place source_file_comments after doctype instead of html
2013-04-22 13:53:20 +00:00
s-m
acf2ff8ce6
BUG: Fix for #1487
...
The parser could sometimes generate invalid code if the
source-file-comments were enabled, this moves the comments outside the
html-tag to circumvent these problems, update test as well.
2013-04-15 19:54:41 +02:00
s-m
29e6bd513c
BUG: Allow empty else- and else_if-blocks
...
This fix allows empty else and else-if blocks to be processed, fixes #1660
2013-04-10 16:17:44 +02:00
s-m
6a95db0eff
API: Support inequalities in templates
...
This adds support for <, <=, >, >= in templates
2013-04-08 17:07:39 +02:00
s-m
14de34cb9b
Sync template-parser files
...
The template-parser files were not in sync, there were some lines added
in SSTemplateParser.php from 3334eafcb1c42b917dcafe46d87ea32f2b1014b8
and 0a9f3b75a9195092ff7c42265ec066339d8f8aa3 , I readded those parts
into the SSTemplateParser-include-file and recreated the
SSTemplateParser.php to get to a synced state...
2013-04-05 19:12:54 +02:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
0a9f3b75a9
Fixed deprecated usage of <% control %>
2013-03-19 12:58:14 +01:00
miiihi
5af35a89ce
ENHANCEMENT Allow multiline comments in SS3 templates
2013-03-07 18:45:07 +01:00
ajshort
d3629be344
BUG: Pass named include argument as objects.
...
This means you can pass objects such as lists as named parameters, not
just strings.
2013-02-14 18:31:40 +11:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Hamish Friedlander
e160b76df5
BUG 7362 dont include trailing space in bare string
2012-07-23 15:42:58 +12:00
Julian Seidenberg
65e3651ff4
API-CHANGE: new translatable syntax _t function
2012-04-18 17:35:31 +12:00
Julian Seidenberg
189c305c83
API-CHANGE: parser for new i18n syntax
2012-04-18 17:35:30 +12:00
Sam Minnee
77c95b3434
MINOR: Hamish is all class. ;-)
2012-04-12 13:19:48 +12:00
Hamish Friedlander
e4a043ac0b
ENHANCEMENT: Allow arguments to be passed to templates via an array passed to SSViewer#process and via keyword=value pairs in the <% include %> tag
2012-04-11 21:34:27 +12:00
Hamish Friedlander
91f4ba15f1
ENHANCEMENT: supporting "current scope" loop and with: (with Children) (loop) $Title (end_loop) (end_with)
2012-03-06 09:31:55 +13:00
Simon Welsh
04c8e2b762
BUGFIX Generate valid PHP when $includeDebuggingComments is true.
2011-12-17 17:35:26 +13:00
Ingo Schommer
f71781d95a
MINOR Using require_once in SSTemplateParser instead of require to avoid class declaration errors when running tests through phpunit binary
2011-12-04 13:09:49 +01:00
Ingo Schommer
e2bf21ba1a
BUGFIX Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a <base> tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks'
2011-10-18 11:42:55 +02:00
ajshort
3a1c2df4e7
API CHANGE: Renamed DataObjectDecorator to DataExtension.
...
API CHANGE: Renamed LeftAndMainDecorator to LeftAndMainExtension.
MINOR: Replaced all references to decorators with extension.
2011-04-26 11:01:38 +10:00
Ingo Schommer
9b29616710
API CHANGE Rearranged files in sapphire to reflect core dependencies more accurately, and have the tests/ folder mirror its folder structure
2011-03-31 09:56:21 +13:00