Merge remote-tracking branch 'security/3.5.4' into 3.6.0

Daniel Hensby 2017-05-29 01:29:55 +01:00
commit a32988fc04
No known key found for this signature in database
GPG Key ID: B00D1E9767F0B06E
7 changed files with 96 additions and 65 deletions


@ -8,7 +8,7 @@ root = true
charset = utf-8
end_of_line = lf
indent_size = 4
indent_style = tab
indent_style = space
insert_final_newline = true
trim_trailing_whitespace = true


@ -15,7 +15,7 @@
*/
// This is the URL of the script that everything must be viewed with.
define('BASE_SCRIPT_URL','index.php/');
define('BASE_SCRIPT_URL', 'index.php/');
$ruLen = strlen($_SERVER['REQUEST_URI']);
$snLen = strlen($_SERVER['SCRIPT_NAME']);
@ -23,22 +23,24 @@ $snLen = strlen($_SERVER['SCRIPT_NAME']);
$isIIS = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false);
// IIS will populate server variables using one of these two ways
if($isIIS) {
if($_SERVER['REQUEST_URI'] == $_SERVER['SCRIPT_NAME']) {
if ($isIIS) {
if ($_SERVER['REQUEST_URI'] == $_SERVER['SCRIPT_NAME']) {
$url = "";
} else if($ruLen > $snLen && substr($_SERVER['REQUEST_URI'],0,$snLen+1) == ($_SERVER['SCRIPT_NAME'] . '/')) {
$url = substr($_SERVER['REQUEST_URI'],$snLen+1);
} elseif ($ruLen > $snLen && substr($_SERVER['REQUEST_URI'], 0, $snLen + 1) == ($_SERVER['SCRIPT_NAME'] . '/')) {
$url = substr($_SERVER['REQUEST_URI'], $snLen+1);
$url = strtok($url, '?');
} else {
$url = $_SERVER['REQUEST_URI'];
if($url[0] == '/') $url = substr($url,1);
if ($url[0] == '/') {
$url = substr($url, 1);
}
$url = strtok($url, '?');
}
// Apache will populate the server variables this way
} else {
if($ruLen > $snLen && substr($_SERVER['REQUEST_URI'],0,$snLen+1) == ($_SERVER['SCRIPT_NAME'] . '/')) {
$url = substr($_SERVER['REQUEST_URI'],$snLen+1);
if ($ruLen > $snLen && substr($_SERVER['REQUEST_URI'], 0, $snLen+1) == ($_SERVER['SCRIPT_NAME'] . '/')) {
$url = substr($_SERVER['REQUEST_URI'], $snLen+1);
$url = strtok($url, '?');
} else {
$url = "";
@ -53,9 +55,9 @@ $fileName = dirname($_SERVER['SCRIPT_FILENAME']) . '/' . $url;
* This code is a very simple wrapper for sending files
* Very quickly pass through references to files
*/
if($url && file_exists($fileName)) {
if ($url && file_exists($fileName)) {
$fileURL = (dirname($_SERVER['SCRIPT_NAME'])=='/'?'':dirname($_SERVER['SCRIPT_NAME'])) . '/' . $url;
if(isset($_SERVER['QUERY_STRING'])) {
if (isset($_SERVER['QUERY_STRING'])) {
$fileURL .= '?' . $_SERVER['QUERY_STRING'];
}
header($_SERVER['SERVER_PROTOCOL'] . ' 301 Moved Permanently');
@ -63,4 +65,4 @@ if($url && file_exists($fileName)) {
die();
}
require_once('framework/main.php');
require_once 'framework/main.php';
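Review bot: The added `$url = strtok($url, '?');` calls in all three branches do not simply cut at the first `?`, because strtok() skips leading delimiters and returns false for an empty string. When the path part after the script name is empty, the text after the `?` therefore becomes `$url` and is used to build `$fileName`. An explicit split avoids this, for example `list($url) = explode('?', $url, 2);`. Separately, as far as the visible lines show, `$url` reaches `file_exists()` and the redirect target without decoding or rejection of `..` segments or a leading slash, so it would be worth resolving `$fileName` with `realpath()` and confirming it stays under `dirname($_SERVER['SCRIPT_FILENAME'])` before the 301 is sent. The if/else chain and the redirect block continue outside the visible hunks.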


@ -9,5 +9,8 @@
************************************************************************************
************************************************************************************/
if (!file_exists('framework') || !file_exists('framework/_config.php')) include "install-frameworkmissing.html";
else include('./framework/dev/install/install.php');
if (!file_exists('framework') || !file_exists('framework/_config.php')) {
include 'install-frameworkmissing.html';
} else {
include './framework/dev/install/install.php';
}


@ -6,7 +6,7 @@ $project = 'mysite';
global $database;
$database = '';
require_once('conf/ConfigureFromEnv.php');
require_once 'conf/ConfigureFromEnv.php';
// Set the site locale
i18n::set_locale('en_US');


@ -1,37 +1,10 @@
<?php
class Page extends SiteTree {
class Page extends SiteTree
{
private static $db = array(
);
private static $has_one = array(
);
}
class Page_Controller extends ContentController {
/**
* An array of actions that can be accessed via a request. Each array element should be an action name, and the
* permissions or conditions required to allow the user to access it.
*
* <code>
* array (
* 'action', // anyone can access this action
* 'action' => true, // same as above
* 'action' => 'ADMIN', // you must have ADMIN permissions to access this action
* 'action' => '->checkAction' // you can only access this action if $this->checkAction() returns true
* );
* </code>
*
* @var array
*/
private static $allowed_actions = array (
);
public function init() {
parent::init();
// You can include any CSS or JS required by your project here.
// See: http://doc.silverstripe.org/framework/en/reference/requirements
}
}


@ -0,0 +1,29 @@
<?php
class Page_Controller extends ContentController
{
/**
* An array of actions that can be accessed via a request. Each array element should be an action name, and the
* permissions or conditions required to allow the user to access it.
*
* <code>
* array (
* 'action', // anyone can access this action
* 'action' => true, // same as above
* 'action' => 'ADMIN', // you must have ADMIN permissions to access this action
* 'action' => '->checkAction' // you can only access this action if $this->checkAction() returns true
* );
* </code>
*
* @var array
*/
private static $allowed_actions = array(
);
public function init()
{
parent::init();
// You can include any CSS or JS required by your project here.
// See: http://doc.silverstripe.org/framework/en/reference/requirements
}
}

24
phpcs.xml.dist Normal file

@ -0,0 +1,24 @@
<?xml version="1.0"?>
<ruleset name="SS3">
<description>Coding standard for SilverStripe 3.x</description>
<!-- Don't sniff third party libraries -->
<exclude-pattern>*/vendor/*</exclude-pattern>
<exclude-pattern>*/thirdparty/*</exclude-pattern>
<!-- Show progress and output sniff names on violation, and add colours -->
<arg value="sp"/>
<arg name="colors"/>
<!-- Use PSR-2 as a base standard -->
<rule ref="PSR2">
<!-- Allow classes to not declare a namespace -->
<exclude name="PSR1.Classes.ClassDeclaration.MissingNamespace"/>
<!-- Allow underscores in class names -->
<exclude name="Squiz.Classes.ValidClassName.NotCamelCaps"/>
<!-- Allow non camel cased method names -->
<exclude name="PSR1.Methods.CamelCapsMethodName.NotCamelCaps"/>
</rule>
</ruleset>