tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
18,349 Commits 31 Branches 527 Tags 162 MiB
PHP 99.4%
Scheme 0.5%
6348f2e3e8
Go to file
Antony Thorpe 6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
_config API Rename services to match FQN of interface / classes 2017-05-16 14:15:49 +12:00
.tx remove js transifex 2017-04-28 14:59:42 +12:00
client Remove client side lang 2017-04-28 14:59:42 +12:00
docs Updated Form.php & 04_Form_Security.md 2017-06-06 21:10:49 +12:00
lang Merge pull request #6879 from mikenz/patch-11 2017-05-11 11:57:46 +01:00
src Updated Form.php & 04_Form_Security.md 2017-06-06 21:10:49 +12:00
templates Fix update ss template FormActions to be closer to React's implementation 2017-05-15 10:44:58 +12:00
tests FIX Bracket should implement TestOnly 2017-05-30 22:44:24 +01:00
thirdparty Remove JSMin library 2017-05-10 15:01:30 +12:00
_config.php Simplify config for admin removal 2017-03-14 10:22:45 +13:00
_register_database.php Setting default db adapter in installation as PDO MySQL with MySQLi as fail safe. 2016-11-02 19:51:13 +13:00
.codecov.yml Turn off codecov commenting on PRs 2016-10-12 16:31:22 +01:00
.editorconfig API Include psr-2 checks in CI 2016-11-29 13:00:58 +13:00
.gitattributes Moved frontend code from dist/ to src/ 2017-03-15 11:07:17 +13:00
.gitignore NEW: Don’t set up SilverStripe project for test run 2016-09-16 16:16:44 +12:00
.htaccess TinyMCE 4 optimisations. Use TinyMCE_Compressor. 2016-04-04 07:58:45 +12:00
.scrutinizer.yml Added better Scrutinizer support 2015-05-12 23:27:36 +12:00
.travis.yml Temporarily switch to composer 1.5 2017-05-23 13:50:35 +12:00
.upgrade.yml API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
behat.yml API Upgrade to behat 3 2017-05-05 14:32:07 +12:00
cli-script.php Added check for register_argc_argv 2017-02-26 20:01:18 +10:00
composer.json Revert "[Improvement|testing] Use scriptfusion to immediately print PHPUnit output" 2017-05-22 21:02:34 +12:00
CONTRIBUTING.md Add copyright note to contributing.md 2016-05-30 14:32:19 +12:00
LICENSE FIX: Add separate license file to match module standard. 2017-03-29 12:49:43 +13:00
main.css FIX stringify api call body to work for IE10 (#6032) 2016-09-21 14:45:30 +12:00
main.php API Substitute core config system with new silverstripe/config module 2017-02-27 16:54:01 +13:00
main.php5 MINORE: Remove training whitespace. 2016-01-07 10:15:54 +13:00
phpcs.xml.dist Add lint-clean and cleanup code linting 2017-05-16 05:01:51 +12:00
phpunit.xml.dist Revert "[Improvement|testing] Use scriptfusion to immediately print PHPUnit output" 2017-05-22 21:02:34 +12:00
README.md FIX: Add separate license file to match module standard. 2017-03-29 12:49:43 +13:00
sake Install sake into /usr/local/bin. /usr is now protected on OSX 2016-01-22 18:48:58 +00:00
silverstripe_version API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path 2012-02-01 18:42:21 +01:00
web.config Improve IIS security 2015-05-11 12:01:30 +12:00

README.md

SilverStripe Framework

Build Status Latest Stable Version Latest Unstable Version codecov Total Downloads License Dependency Status Reference Status helpfulrobot

PHP5 framework forming the base for the SilverStripe CMS (http://silverstripe.org). Requires a silverstripe-installer base project. Typically used alongside the cms module.

Installation

See installation on different platforms, and installation from source.

Bugtracker

Bugs are tracked on github.com. Please read our issue reporting guidelines.

Development and Contribution

If you would like to make changes to the SilverStripe core codebase, we have an extensive guide to contributing code.

Links