silverstripe-framework/forms
Ingo Schommer fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
..
gridfield API Enforce $allowed_actions in RequestHandler->checkAccessAction() 2013-06-24 14:50:40 +02:00
AjaxUniqueTextField.php
CheckboxField.php Merge remote-tracking branch 'origin/3.0' into 3.1 2013-04-12 01:13:32 +02:00
CheckboxSetField.php BUG UnsavedRelationList aren't checked 2013-02-19 14:58:31 +00:00
CompositeField.php Fixed deprecated usage of <% control %> 2013-03-19 12:58:14 +01:00
ConfirmedPasswordField.php FIX: ConfirmedPasswordField used to expose existing hash 2013-06-20 14:09:30 +12:00
CountryDropdownField.php API Marked statics private, use Config API instead (#8317) 2013-03-24 17:20:53 +01:00
CreditCardField.php
CurrencyField.php API Copying instance props on FormField readonly/disabled transformations 2012-12-14 01:58:04 +01:00
DatalessField.php
DateField.php API Marked statics private, use Config API instead (#8317) 2013-03-24 17:20:53 +01:00
DatetimeField.php DatetimeField returns wrong year 2013-04-13 06:26:52 +08:00
DisabledTransformation.php
DropdownField.php NEW Disable items in DropdownField and GroupedDropdownField 2013-01-11 16:32:20 +01:00
EmailField.php
FieldGroup.php Avoid mid-sentence periods in combined field validation messages 2013-03-08 12:16:03 +01:00
FieldList.php API: Allow array of fields passed to FieldList::removeByName() 2013-05-25 15:31:30 +12:00
FileField.php API UploadField functions on new records 2013-05-27 15:22:59 +12:00
Form.php API Enforce $allowed_actions in RequestHandler->checkAccessAction() 2013-06-24 14:50:40 +02:00
FormAction.php Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-26 13:28:35 +01:00
FormField.php API UploadField functions on new records 2013-05-27 15:22:59 +12:00
FormScaffolder.php
FormTransformation.php
GroupedDropdownField.php NEW Disable items in DropdownField and GroupedDropdownField 2013-01-11 16:32:20 +01:00
HeaderField.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
HiddenField.php
HtmlEditorConfig.php API Marked statics private, use Config API instead (#8317) 2013-03-24 17:20:53 +01:00
HtmlEditorField.php BUG Fixed issue where file upload via the HTML Editor media dialogue would not prompt users to overwrite existing files 2013-06-20 15:21:18 +12:00
InlineFormAction.php API Copying instance props on FormField readonly/disabled transformations 2012-12-14 01:58:04 +01:00
LabelField.php
ListboxField.php BUG UnsavedRelationList aren't checked 2013-02-19 14:58:31 +00:00
LiteralField.php
LookupField.php FIX: Add support for multi dimensional source arrays in LookupField (open/6132) 2013-05-11 00:01:39 +12:00
MemberDatetimeOptionsetField.php Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
MoneyField.php
NestedForm.php
NullableField.php
NumericField.php Include Zend_Locale_Format 2013-05-13 10:55:05 -07:00
OptionsetField.php API Copying instance props on FormField readonly/disabled transformations 2012-12-14 01:58:04 +01:00
PasswordField.php Add autocomplete=off switch for the password field. 2013-06-12 09:41:18 +12:00
PhoneNumberField.php BUG Fixed incorrect variable usage in generation of PhoneNumberField form fields 2013-04-12 15:13:58 +12:00
PrintableTransformation.php
ReadonlyField.php NEW: Add ReadonlyField::setIncludeHiddenField() 2013-01-08 17:45:17 +13:00
ReadonlyTransformation.php
RequiredFields.php FIX: Removed notice-level error after forms w/ required fields are made readonly. 2013-01-29 18:03:47 +01:00
ResetFormAction.php
SelectionGroup.php
Tab.php
TabSet.php
TabularStyle.php
TextareaField.php Merge remote-tracking branch 'origin/3.0' into 3.1 2013-01-21 11:14:57 +01:00
TextField.php
TimeField.php API Marked statics private, use Config API instead (#8317) 2013-03-24 17:20:53 +01:00
ToggleCompositeField.php
ToggleField.php
TreeDropdownField.php NEW Enforce max node counts to avoid excessive resource usage 2013-04-09 10:24:18 +12:00
TreeMultiselectField.php FIX #8328 Expose previously selected values of TreeMultiSelectField so they are not wipped out when selecting more values at an higher level in hierarchy 2013-03-19 08:48:44 +13:00
UploadField.php API Enforce $allowed_actions in RequestHandler->checkAccessAction() 2013-06-24 14:50:40 +02:00
Validator.php