Merge remote-tracking branch 'origin/3.1'

Conflicts:
	composer.json

.htaccess

@@ -10,11 +10,20 @@
 	Deny from all
 </Files>
 
+# This denies access to all yml files, since developers might include sensitive
+# information in them. See the docs for work-arounds to serve some yaml files
+<Files *.yml>
+	Order allow,deny
+	Deny from all
+</Files>
+
 ErrorDocument 404 /assets/error-404.html
 ErrorDocument 500 /assets/error-500.html
 
 <IfModule mod_alias.c>
 	RedirectMatch 403 /silverstripe-cache(/|$)
+	RedirectMatch 403 /vendor(/|$)
+	RedirectMatch 403 /composer\.(json|lock)
 </IfModule>
 
 <IfModule mod_rewrite.c>
@@ -23,6 +32,7 @@ ErrorDocument 500 /assets/error-500.html
 
 	RewriteCond %{REQUEST_URI} ^(.*)$
 	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteCond %{REQUEST_URI} !\.php$
 	RewriteRule .* framework/main.php?url=%1 [QSA]
 
 	RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$

mysite/_config.php

@@ -1,18 +1,12 @@
-<?php
+<?php
-
+
-global $project;
+global $project;
-$project = 'mysite';
+$project = 'mysite';
-
+
-global $database;
+global $database;
-$database = '';
+$database = '';
-
+
-require_once('conf/ConfigureFromEnv.php');
+require_once('conf/ConfigureFromEnv.php');
-
+
-MySQLDatabase::set_connection_charset('utf8');
+// Set the site locale
-
+i18n::set_locale('en_US');
-// Set the current theme. More themes can be downloaded from
-// http://www.silverstripe.org/themes/
-SSViewer::set_theme('simple');
-
-// Enable nested URLs for this site (e.g. page/sub-page/)
-if(class_exists('SiteTree')) SiteTree::enable_nested_urls();

mysite/_config/config.yml

@@ -0,0 +1,9 @@
+---
+Name: mysite
+After: 'framework/*','cms/*'
+---
+# YAML configuration for SilverStripe
+# See http://doc.silverstripe.org/framework/en/topics/configuration
+# Caution: Indentation through two spaces, not tabs
+SSViewer:
+  theme: 'simple'

mysite/code/Page.php

@@ -1,10 +1,10 @@
 <?php
 class Page extends SiteTree {
 
-	public static $db = array(
+	private static $db = array(
 	);
 
-	public static $has_one = array(
+	private static $has_one = array(
 	);
 
 }
@@ -25,7 +25,7 @@ class Page_Controller extends ContentController {
 	 *
 	 * @var array
 	 */
-	public static $allowed_actions = array (
+	private static $allowed_actions = array (
 	);
 
 	public function init() {
@@ -40,4 +40,4 @@ class Page_Controller extends ContentController {
 		Requirements::themedCSS('form'); 
 	}
 
-}
+}

phpunit.xml.dist

@@ -25,7 +25,7 @@
 	<listeners>
 		<listener class="SS_TestListener" file="framework/dev/TestListener.php" />
 	</listeners>
-
+	
 	<groups>
 		<exclude>
 			<group>sanitychecks</group>

web.config

@@ -1,5 +1,18 @@
-<?xml version="1.0" encoding="utf-8"?>
 <configuration>
 	<system.webServer>
+		<security>
+			<requestFiltering>
+				<hiddenSegments>
+					<add segment="silverstripe-cache/" />
+					<add segment="vendor" />
+					<add segment="composer.json" />
+					<add segment="composer.lock" />
+				</hiddenSegments>
+				<fileExtensions allowUnlisted="true" >
+					<add fileExtension=".ss" allowed="false"/>
+					<add fileExtension=".yml" allowed="false"/>
+				</fileExtensions>
+			</requestFiltering>
+		</security>
 	</system.webServer>
 </configuration>