tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
18,349 Commits 31 Branches 527 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Antony Thorpe 6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
_config
API Rename services to match FQN of interface / classes
2017-05-16 14:15:49 +12:00
.tx
remove js transifex
2017-04-28 14:59:42 +12:00
client
Remove client side lang
2017-04-28 14:59:42 +12:00
docs
Updated Form.php & 04_Form_Security.md
2017-06-06 21:10:49 +12:00
lang
Merge pull request #6879 from mikenz/patch-11
2017-05-11 11:57:46 +01:00
src
Updated Form.php & 04_Form_Security.md
2017-06-06 21:10:49 +12:00
templates
Fix update ss template FormActions to be closer to React's implementation
2017-05-15 10:44:58 +12:00
tests
FIX Bracket should implement TestOnly
2017-05-30 22:44:24 +01:00
thirdparty
Remove JSMin library
2017-05-10 15:01:30 +12:00
_config.php
Simplify config for admin removal
2017-03-14 10:22:45 +13:00
_register_database.php
Setting default db adapter in installation as PDO MySQL with MySQLi as fail safe.
2016-11-02 19:51:13 +13:00
.codecov.yml
Turn off codecov commenting on PRs
2016-10-12 16:31:22 +01:00
.editorconfig
API Include psr-2 checks in CI
2016-11-29 13:00:58 +13:00
.gitattributes
Moved frontend code from dist/ to src/
2017-03-15 11:07:17 +13:00
.gitignore
NEW: Don’t set up SilverStripe project for test run
2016-09-16 16:16:44 +12:00
.htaccess
TinyMCE 4 optimisations. Use TinyMCE_Compressor.
2016-04-04 07:58:45 +12:00
.scrutinizer.yml
Added better Scrutinizer support
2015-05-12 23:27:36 +12:00
.travis.yml
Temporarily switch to composer 1.5
2017-05-23 13:50:35 +12:00
.upgrade.yml
API Remove legacy HTMLEditor classes
2017-05-30 11:01:28 +12:00
behat.yml
API Upgrade to behat 3
2017-05-05 14:32:07 +12:00
cli-script.php
Added check for register_argc_argv
2017-02-26 20:01:18 +10:00
composer.json
Revert "[Improvement|testing] Use scriptfusion to immediately print PHPUnit output"
2017-05-22 21:02:34 +12:00
CONTRIBUTING.md
Add copyright note to contributing.md
2016-05-30 14:32:19 +12:00
LICENSE
FIX: Add separate license file to match module standard.
2017-03-29 12:49:43 +13:00
main.css
FIX stringify api call body to work for IE10 (#6032)
2016-09-21 14:45:30 +12:00
main.php
API Substitute core config system with new silverstripe/config module
2017-02-27 16:54:01 +13:00
main.php5
MINORE: Remove training whitespace.
2016-01-07 10:15:54 +13:00
phpcs.xml.dist
Add lint-clean and cleanup code linting
2017-05-16 05:01:51 +12:00
phpunit.xml.dist
Revert "[Improvement|testing] Use scriptfusion to immediately print PHPUnit output"
2017-05-22 21:02:34 +12:00
README.md
FIX: Add separate license file to match module standard.
2017-03-29 12:49:43 +13:00
sake
Install sake into /usr/local/bin. /usr is now protected on OSX
2016-01-22 18:48:58 +00:00
silverstripe_version
API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path
2012-02-01 18:42:21 +01:00
web.config
Improve IIS security
2015-05-11 12:01:30 +12:00

README.md

SilverStripe Framework

Build Status Latest Stable Version Latest Unstable Version codecov Total Downloads License Dependency Status Reference Status helpfulrobot

PHP5 framework forming the base for the SilverStripe CMS (http://silverstripe.org). Requires a silverstripe-installer base project. Typically used alongside the cms module.

Installation

See installation on different platforms, and installation from source.

Bugtracker

Bugs are tracked on github.com. Please read our issue reporting guidelines.

Development and Contribution

If you would like to make changes to the SilverStripe core codebase, we have an extensive guide to contributing code.

Links

Description
No description provided
Readme 162 MiB
Languages
PHP 99.4%
Scheme 0.5%