108 Commits

Author SHA1 Message Date
Ingo Schommer
0175167761 Merge pull request #4830 from open-sausages/pulls/3/fix-querystring-stage
API Disable unauthenticated get parameter access to site stage mode
2015-12-10 10:44:43 +13:00
Damian Mooyman
fa0160a874 BUG Fix regression in canViewStage 2015-12-09 14:53:21 +13:00
Damian Mooyman
6089a7c5bd API Create default security permission model for versioned data objects 2015-12-09 11:33:53 +13:00
Damian Mooyman
38e154af0a API Disable get parameter access to site stage mode
BUG Fix missing and undocumented response from Security::permissionFailure()
2015-12-07 17:39:18 +13:00
Damian Mooyman
cf9d2d12ac BUG Fix duplicate primary key crash on duplicate 2015-08-10 09:54:30 +12:00
Damian Mooyman
07c21e2880 BUG Fix deletion of orphaned versioned records when a parent _versions table has been deleted 2015-06-09 13:50:09 +12:00
Benjamin R. White
6212b4bd4b FIX: Versioned not ignoring obsolete fields 2015-02-08 18:42:36 +13:00
Damian Mooyman
19549d620f Moved deprecation of SQLQuery to 4.0 2014-12-04 09:30:50 +13:00
Daniel Hensby
3b9056fc01 NEW Cookie_Backend for managing cookie state
I've decoupled `Cookie` from the actual act of setting and getting
cookies. Currently there are a few limitations to how Cookie works that
this change mitigates:

0. `Cookie` currently changes the super global `$_COOKIE` when setting
to make the state of an application a bit more managable, but this is
bad because we shouldn't be modifying super globals
0. One can't actually change the `$cookie_class` once the
`Cookie::$inst` has been instantiated
0. One can't test cookies as there is no class that holds the state of
the cookies (it's just held in the super global which is reset as part
of `Director::test()`
0. One can't tell the origin of a cookie (eg: did the application set it
and it needs to be sent, or did we receive it from the browser?)
0. `time()` was used, so testing was made difficult
0. There was no way to get all the cookies at once (without accessing
the super global)

Todos are on the phpdoc and I'd like to write some tests for the backend
as well as update the docs (if there are any) around cookies.
DOCS Adding `Cookie` docs

Explains basic usage of `Cookie` as well as how the `Cookie_Backend`
controls the setting and getting of cookies and manages state of sent vs
received cookies
Fixing `Cookie` usage

`Cookie` is being used inconsistently with the API throughout framework.
Either by not using `force_expiry` to expire cookies or setting them to
null and then expiring them (which is redundant).
NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param
2014-10-06 17:44:51 +13:00
Damian Mooyman
35fcb551d9 Refactor / Cleanup Versioned 2014-09-02 09:17:13 +12:00
Damian Mooyman
c140459ac6 BUG Fix versioned
Versioned is not writing Version to _version tables for subclasses of Version dataobjects which have their own DB fields
- Fix disjoint of ID / RecordID (which should be the same)
- Fix calculation of new record version
- Fix use of empty vs !isset to check for existing version
2014-09-02 09:14:08 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Ingo Schommer
bb03f6ba2f Merge remote-tracking branch 'origin/3.1'
Conflicts:
	forms/HtmlEditorField.php
2014-06-15 22:50:20 +12:00
Damian Mooyman
4c5de82625 Versioned no longer sets redundant session data 2014-06-11 16:42:22 +12:00
Damian Mooyman
4a34c364e6 BUG Fix access to protected Session::current_session()
Fixes #3144
2014-05-20 10:17:33 +12:00
Damian Mooyman
ec578e5c8a Merge remote-tracking branch 'origin/3.1' 2014-05-12 11:32:22 +12:00
Damian Mooyman
ae573f829f BUG Fix Versioned stage not persisting in Session. Fixes #962
BUG Disabled disruptive test case in DirectorTest
API RequestProcessor and VersionedRequestFilter now both correctly implement RequestFilter
Better PHPDoc on RequestFilter and implementations
2014-05-06 14:11:44 +12:00
Simon Welsh
fe8dc50ffc Merge branch '3.1'
Conflicts:
	tests/view/SSViewerTest.php
2014-03-30 18:17:24 +13:00
Simon Welsh
f9c44e4ceb Merge branch '3.0' into 3.1
Conflicts:
	model/Versioned.php
	view/SSTemplateParser.php
	view/SSViewer.php
2014-03-30 18:15:12 +13:00
Damian Mooyman
4415a75d93 BUG Fix issue with versioned dataobjects being cached between stages 2014-03-27 13:17:29 +13:00
Simon Welsh
8f31352039 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
2014-03-16 09:36:48 +13:00
Simon Welsh
90ba514cda Merge pull request #2917 from tractorcow/pulls/fix-lazyload-queryparams
BUG Fix DataObject / Versioned publishing issues
2014-03-15 21:45:42 +13:00
Simon Welsh
5b2215308e Merge pull request #2482 from ajshort/pull-2
Fix Versioned::augmentSQL() when the data query was null.
2014-03-15 20:40:45 +13:00
Damian Mooyman
23f5f08eda BUG Fix DataObject::loadLazyFields discarding original query parameters
BUG Fix Versioned::writeToStage failing to write object with unchanged fields
2014-03-04 16:12:07 +13:00
Ingo Schommer
0d7e9a9692 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	_config/routes.yml
	docs/en/topics/datamodel.md
	forms/DropdownField.php
2014-02-04 08:19:04 +13:00
Will Rossiter
587c489d0f Add getters for Versioned object properties 2014-01-30 13:59:29 +13:00
Fred Condo
b88a0955a5 API: Support string descriptors for unique indexes in Versioned
- Document the format for descriptor arrays
- Implement the behaviour that developers have come to expect for
  string descriptors of indexes
- Add test for handling of unique indexes (MySQL & sqlite3)
- Resolve #2403

Versioned needs to convert unique indexes to non-unique for its suffixed
tables, such as Foo_Live and Foo_versions. Because DataObject accepts
string descriptors such as array('UniqIDX' => 'unique (Uniq)') as well
as array-based descriptors, Versioned needs to recognize string
descriptors. This patch accomplishes that. Before, Versioned would fail
to convert string-described indexes to non-unique, resulting in run-time
errors when creating a new version of an object.
2013-12-06 10:02:44 -08:00
Ingo Schommer
dfabd54bdb Fixed support for single stage in Versioned
This used to work in 2.4, so is considered a regression.
To test, simply add a Versioned("Stage") extension to
some record in 2.4 vs. 3.1.
2013-10-24 17:09:17 +02:00
Andrew Short
156bb87d57 FIX: Move stage choosing into a pre-request filter.
This ensures that the correct stage is selected, even if the request
does not come through the model as controller system. This fixes an
issue where custom controllers would always be on the "Stage" stage.
2013-10-23 18:29:13 +13:00
Ingo Schommer
795d3e4b3b Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	dev/install/install.php5
	docs/en/index.md
	tests/core/CoreTest.php
2013-10-07 16:18:20 +02:00
Andrew Short
deb1bfbcba Fix Versioned::augmentSQL() when the data query was null. 2013-10-04 00:04:55 +10:00
Ingo Schommer
74f65540a2 Validate 'archiveDate' user data in Versioned
Not a security issue as such, since the user input is sanitized
before being used in Versioned->augmentSQL(). But it shouldn't
reach the session state either, since that's commonly assumed
to be sanitized data, and it leaves unnecessary room for error.

strtotime() has fairly loose validation rules around dates,
but its a good "first line of defence".
2013-08-15 22:17:38 +02:00
Jeremy Thomerson
80808a1537 ENHANCEMENT: allow disabling of Versioned prepopulate_versionnumber_cache
In large sites this can take a very long time, drastically slowing down the CMS
admin.  Even though the versions will then need to be queried individually,
this is still significantly faster than loading hundreds of thousands of
version numbers in one query and populating the cache array.
2013-06-04 13:43:58 +00:00
Will Rossiter
651c968915 Remove redundant get_extra_config(). (Fixes #1973) 2013-05-23 18:40:52 +12:00
Damian Mooyman
734a5fb469 BUG Fixed declaration of Versioned::updateCMSFields to be compatible with DataExtension::updateCMSFields 2013-05-22 08:08:11 +12:00
Will Rossiter
f6cd582dd9 FIX: Remove version field from default scaffolded CMS fields. 2013-05-21 22:47:54 +12:00
Will Rossiter
1bc945f98c Partial code formatting / phpdoc cleanup of Versioned 2013-05-10 21:19:16 +12:00
Sean Harvey
f1a4e7203e BUG Fixing queries on non-existent table breaking archive site
With a many to many relation, e.g. SiteTree_MyRelation, and listing
them in your template then adding ?archiveDate=x in the URL, a SQL
error is shown because Versioned::augmentSQL() tries to query the
non-existent table "SiteTree_MyRelation_versions" assuming there's
versioning setup, but there isn't.
2013-05-07 12:34:46 +12:00
Ingo Schommer
9856fcef21 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	javascript/DateField.js
	model/DataQuery.php
	model/Versioned.php
	tests/forms/RequirementsTest.php
	tests/model/DataObjectLazyLoadingTest.php
	view/Requirements.php
2013-04-09 14:45:35 +02:00
Ingo Schommer
e2b42ca4c2 Fixed Versioned hook regression
Introduced by 5238e9cf48251f77f3fda095724990da3bee6803
2013-04-06 12:24:57 +02:00
Will Rossiter
5238e9cf48 API: add onBeforeRollback() and onAfterRollback() hooks. 2013-04-06 22:59:33 +13:00
Ingo Schommer
f0d92f7bcc Merge pull request #1094 from silverstripe-big-o/pulls/3.1-versioned-relfield
BUGFIX Versioned_Version->relField()
2013-04-02 02:49:27 -07:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Julian Seidenberg
10199f908a API Data corruption on Versioned due to lazy loading
Lazy loading no longer loads fields from the versions table when querying. This could lead to incorrect data being displayed if the data on the object and the version it pointed to did not match.

API methods to allow setting of the context of the query that generated the DataObject on that object (used by the lazy loading mechanism to correctly query the Stage, Live, or Versions tables)

See https://github.com/silverstripe/sapphire/pull/1178 for context.
2013-02-14 14:28:42 +01:00
jean
e2bf9649f3 FIX 7934 When lazy loading fields respect version of the record 2013-02-14 14:27:44 +01:00
Julian Seidenberg
f931b8d326 API Data corruption on Versioned due to lazy loading
Lazy loading no longer loads fields from the versions table when querying. This could lead to incorrect data being displayed if the data on the object and the version it pointed to did not match.

API methods to allow setting of the context of the query that generated the DataObject on that object (used by the lazy loading mechanism to correctly query the Stage, Live, or Versions tables)

See https://github.com/silverstripe/sapphire/pull/1178 for context.
2013-02-14 14:18:10 +01:00
Simon Welsh
3439e30ac1 Corrects indentation and line length 2013-01-24 19:56:02 +13:00
Ingo Schommer
f7cd316d1f BUGFIX Versioned_Version->relField() so fields can be used in GridField etc
Copied from DataObject, since we can't use the $fallback opion in this case
(will try to retrieve from wrong class)
2013-01-14 17:01:44 +01:00
Ingo Schommer
f07ad307e4 API Removed non-functional $join argument from DataObject::get() and other APIs
See 68bb74820
2013-01-09 18:28:55 +01:00