From b1875ea1afbbb800e856bfe56703cb06c5063e4b Mon Sep 17 00:00:00 2001 From: Daniel Hensby Date: Fri, 17 Nov 2017 11:37:41 +0000 Subject: [PATCH 1/9] Loosen PHPUnit constraints --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 576d730..94b1ddb 100644 --- a/composer.json +++ b/composer.json @@ -10,7 +10,7 @@ "silverstripe-themes/simple": "3.1.*" }, "require-dev": { - "phpunit/PHPUnit": "~3.7@stable" + "phpunit/phpunit": "^3 || ^4 || ^5" }, "extra": { "branch-alias": { From 2d90647410028a5ba2151095922f537f8223205a Mon Sep 17 00:00:00 2001 From: aNickzz Date: Thu, 30 Nov 2017 22:03:34 +1030 Subject: [PATCH 2/9] Update .gitignore Uploading files directly through the Files LeftAndMain drops them directly into the assets folder by default. This will help prevent those files accidentally ending up in git. --- assets/.gitignore | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/assets/.gitignore b/assets/.gitignore index d826e24..8c0dc7c 100644 --- a/assets/.gitignore +++ b/assets/.gitignore @@ -1,4 +1,4 @@ -# Ignore sensible defaults -/*/ -/error-*.html -/_combinedfiles/ +/**/* +!.gitignore +!.htaccess +!web.config From 68fdb0684efbabb8ab33badea0ee3a5ba80abc87 Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Wed, 6 Dec 2017 15:42:10 +1300 Subject: [PATCH 3/9] Add .cow.json to 3.5 branch --- .cow.json | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .cow.json diff --git a/.cow.json b/.cow.json new file mode 100644 index 0000000..10503a0 --- /dev/null +++ b/.cow.json 
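Review bot: The rewritten assets/.gitignore drops its only comment and leaves four bare patterns, so nothing records why `.htaccess` and `web.config` are exempted from `/**/*`. `.htaccess` carries the web-server access rules for the upload directory (and `web.config` is presumably its IIS counterpart), so the exemption is worth stating explicitly. I would add a header line such as `# Ignore all uploaded content; keep the access-control files (.htaccess, web.config) under version control` above the patterns.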
@@ -0,0 +1,19 @@ +{ + "github-slug": "silverstripe/silverstripe-installer", + "changelog-holder": "silverstripe/framework", + "changelog-path": "docs/en/04_Changelogs/{stability}/{version}.md", + "child-stability-inherit": true, + "dependency-constraint": "exact", + "vendors": [ + "silverstripe" + ], + "archives": [ + { + "recipe": "silverstripe/installer", + "files": [ + "SilverStripe-cms-v{version}.zip", + "SilverStripe-cms-v{version}.tar.gz" + ] + } + ] +} From 75984719dba5e2be8321af03fd777bc3291cc061 Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Wed, 6 Dec 2017 16:22:20 +1300 Subject: [PATCH 4/9] Ignore modules --- .gitignore | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 50e5d86..1c36369 100644 --- a/.gitignore +++ b/.gitignore @@ -4,8 +4,10 @@ # ignore all environment files _ss_environment.php -# ignore build tools -/tools/phing-metadata - # ignore composer vendor folder /vendor/ +/framework/ +/cms/ +/assets/ +/siteconfig/ +/reports/ From 4d60f01d2dd17febcf15c08ecdc07af7380694d0 Mon Sep 17 00:00:00 2001 From: Christopher Joe Date: Thu, 21 Dec 2017 15:53:41 +1300 Subject: [PATCH 5/9] Enhancement add test for a `--no-dev` build --- .travis.yml | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5269d1c..b72eb26 100644 --- a/.travis.yml +++ b/.travis.yml @@ -59,6 +59,11 @@ matrix: env: - BEHAT_TEST="@asset-admin" - DB=MYSQL + - php: 5.6 + env: + - HEALTH_TEST=1 + - DB=MYSQL + - PDO=1 before_script: # Init PHP 
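Review bot: In the root .gitignore hunk the five new entries are appended directly under `# ignore composer vendor folder`, so that comment now mislabels `/framework/`, `/cms/`, `/assets/`, `/siteconfig/` and `/reports/`; a separate `# ignore composer-installed modules` line before them would fix it. Ignoring `/assets/` as a whole directory also deserves a second look: git cannot re-include a file whose parent directory is excluded, so the `!.htaccess` and `!web.config` exemptions in assets/.gitignore (patch 2/9) would have no effect for files that are not already tracked. If both patches are meant to land on the same branch, `/assets/*` would keep those exemptions working; that the two coexist is an assumption, since the patches may target different branches.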
@@ -70,22 +75,26 @@ before_script: - composer validate - if [[ $DB == PGSQL ]]; then composer require --no-update silverstripe/postgresql:2.0.x-dev; fi - if [[ $BEHAT_TEST ]]; then composer require --no-update silverstripe/behat-extension:^3 silverstripe/serve:^2 se/selenium-server-standalone:2.41.0; fi; - - composer install --prefer-dist --no-interaction --no-progress --no-suggest --optimize-autoloader --verbose --profile + - if [[ $HEALTH_TEST ]]; then composer require --no-update silverstripe/serve:^2; fi; + - if ! [[ $HEALTH_TEST ]]; then composer install --prefer-dist --no-interaction --no-progress --no-suggest --optimize-autoloader --verbose --profile; fi; + - if [[ $HEALTH_TEST ]]; then composer install --prefer-dist --no-interaction --no-progress --no-suggest --optimize-autoloader --verbose --profile --no-dev; fi; # Start behat services - - if [[ $BEHAT_TEST ]]; then echo 'SS_BASE_URL=http://localhost:8080/' >> .env; fi - - if [[ $BEHAT_TEST ]]; then mkdir artifacts; fi - - if [[ $BEHAT_TEST ]]; then cp composer.lock artifacts/; fi + - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then echo 'SS_BASE_URL=http://localhost:8080/' >> .env; fi + - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then mkdir artifacts; fi + - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then cp composer.lock artifacts/; fi - if [[ $BEHAT_TEST ]]; then sh -e /etc/init.d/xvfb start; sleep 3; fi - if [[ $BEHAT_TEST ]]; then (vendor/bin/selenium-server-standalone > artifacts/selenium.log 2>&1 &); fi - - if [[ $BEHAT_TEST ]]; then (vendor/bin/serve --bootstrap-file vendor/silverstripe/cms/tests/behat/serve-bootstrap.php &> artifacts/serve.log &); fi + - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then (vendor/bin/serve --bootstrap-file vendor/silverstripe/cms/tests/behat/serve-bootstrap.php &> artifacts/serve.log &); sleep 3; fi script: - if [[ $PHPUNIT_TEST ]]; then vendor/bin/phpunit --testsuite $PHPUNIT_TEST; fi - if [[ $BEHAT_TEST ]]; then vendor/bin/behat $BEHAT_TEST; fi + - if [[ 
$HEALTH_TEST ]]; then curl -vfL http://localhost:8080/dev/build?flush; fi + - if [[ $HEALTH_TEST ]]; then curl -vfL http://localhost:8080/admin; fi after_failure: - - if [[ $BEHAT_TEST ]]; then php ./vendor/silverstripe/framework/tests/behat/travis-upload-artifacts.php --if-env BEHAT_TEST,ARTIFACTS_BUCKET,ARTIFACTS_KEY,ARTIFACTS_SECRET --target-path $TRAVIS_REPO_SLUG/$TRAVIS_BUILD_ID/$TRAVIS_JOB_ID --artifacts-base-url https://s3.amazonaws.com/$ARTIFACTS_BUCKET/ --artifacts-path ./artifacts/; fi + - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then php ./vendor/silverstripe/framework/tests/behat/travis-upload-artifacts.php --if-env ARTIFACTS_BUCKET,ARTIFACTS_KEY,ARTIFACTS_SECRET --target-path $TRAVIS_REPO_SLUG/$TRAVIS_BUILD_ID/$TRAVIS_JOB_ID --artifacts-base-url https://s3.amazonaws.com/$ARTIFACTS_BUCKET/ --artifacts-path ./artifacts/; fi notifications: slack: silverstripeltd:Cls1xnypKBLFhv0YIRtNLzlQ From 81045f46c2393c21270089cfac0aa25bf89d1282 Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Mon, 5 Feb 2018 17:15:37 +1300 Subject: [PATCH 6/9] Update development dependencies --- composer.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 3edefbc..acdbb14 100644 --- a/composer.json +++ b/composer.json @@ -5,7 +5,7 @@ "require": { "php": ">=5.6.0", "silverstripe/recipe-plugin": "^1", - "silverstripe/recipe-cms": "1.0.x-dev", + "silverstripe/recipe-cms": "1.0.3@stable", "silverstripe-themes/simple": "~3.2.0" }, "require-dev": { @@ -24,4 +24,4 @@ }, "prefer-stable": true, "minimum-stability": "dev" -} +} \ No newline at end of file From d678bd76f9560ca7b29a97a679b4119a63ea1684 Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Fri, 13 Apr 2018 09:27:25 +1200 Subject: [PATCH 7/9] Update selenium to chromedriver --- .travis.yml | 17 ++++++++++------- behat.yml | 18 +++++++++--------- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index b72eb26..562fbc9 100644 
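Review bot: The first health-check command passes `http://localhost:8080/dev/build?flush` to curl unquoted, and `?` is a glob character in bash; quoting the URL (`curl -vfL 'http://localhost:8080/dev/build?flush'`) keeps the argument literal. The server only gets a fixed `sleep 3` after `vendor/bin/serve` is backgrounded, so a slow start fails the job with a connection error rather than an application error; a short retry loop around the first curl would make the check less flaky. Separately, the trailing context line keeps the Slack notification token in clear text; that predates this commit, but it would be better stored as an encrypted `secure:` value.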
--- a/.travis.yml +++ b/.travis.yml @@ -2,16 +2,15 @@ language: php dist: trusty -sudo: required - -group: deprecated-2017Q4 +before_install: + - sudo apt-get update + - sudo apt-get install chromium-chromedriver cache: directories: - $HOME/.composer/cache/files addons: - firefox: "31.0" apt: packages: - tidy @@ -22,6 +21,8 @@ env: - COMPOSER_ROOT_VERSION="4.0.x-dev" - DISPLAY=":99" - XVFBARGS=":99 -ac -screen 0 1024x768x16" + - SS_BASE_URL="http://localhost:8080/" + - SS_ENVIRONMENT_TYPE="dev" matrix: fast_finish: true @@ -66,6 +67,9 @@ matrix: - PDO=1 before_script: +# Extra $PATH + - export PATH=/usr/lib/chromium-browser/:$PATH + # Init PHP - phpenv rehash - phpenv config-rm xdebug.ini || true 
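Review bot: The new `before_install` step in the first .travis.yml hunk runs `sudo apt-get install chromium-chromedriver` without `-y` while the same hunk removes `sudo: required`, so the step depends on the build image still granting sudo and on apt not stopping for confirmation. The file already has an `addons: apt: packages:` list (with `tidy`), and adding `- chromium-chromedriver` there would install the package without either dependency. The package is also unpinned, so the driver version can change between builds; if reproducibility matters, that is worth a comment next to the entry.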
@@ -74,17 +78,16 @@ before_script: # Install composer dependencies - composer validate - if [[ $DB == PGSQL ]]; then composer require --no-update silverstripe/postgresql:2.0.x-dev; fi - - if [[ $BEHAT_TEST ]]; then composer require --no-update silverstripe/behat-extension:^3 silverstripe/serve:^2 se/selenium-server-standalone:2.41.0; fi; + - if [[ $BEHAT_TEST ]]; then composer require --no-update silverstripe/recipe-testing:^1; fi; - if [[ $HEALTH_TEST ]]; then composer require --no-update silverstripe/serve:^2; fi; - if ! [[ $HEALTH_TEST ]]; then composer install --prefer-dist --no-interaction --no-progress --no-suggest --optimize-autoloader --verbose --profile; fi; - if [[ $HEALTH_TEST ]]; then composer install --prefer-dist --no-interaction --no-progress --no-suggest --optimize-autoloader --verbose --profile --no-dev; fi; # Start behat services - - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then echo 'SS_BASE_URL=http://localhost:8080/' >> .env; fi - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then mkdir artifacts; fi - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then cp composer.lock artifacts/; fi - if [[ $BEHAT_TEST ]]; then sh -e /etc/init.d/xvfb start; sleep 3; fi - - if [[ $BEHAT_TEST ]]; then (vendor/bin/selenium-server-standalone > artifacts/selenium.log 2>&1 &); fi + - if [[ $BEHAT_TEST ]]; then (chromedriver > artifacts/chromedriver.log 2>&1 &); fi - if [[ $BEHAT_TEST ]] || [[ $HEALTH_TEST ]]; then (vendor/bin/serve --bootstrap-file vendor/silverstripe/cms/tests/behat/serve-bootstrap.php &> artifacts/serve.log &); sleep 3; fi script: diff --git a/behat.yml b/behat.yml index feb4362..f092b55 100644 --- a/behat.yml +++ b/behat.yml 
@@ -1,20 +1,20 @@ -# Note: Currently firefox 31-ESR is recommended +# Note: Currently chrome latest is recommended # Behat test setup requires an `.env` with `SS_BASE_URL` defined, as well # as each of the following commands to initiate a test run: # ========================================================================= # -# composer require silverstripe/behat-extension:^3 silverstripe/serve:dev-master se/selenium-server-standalone:2.41.0 -# vendor/bin/selenium-server-standalone -Dwebdriver.firefox.bin="/Applications/Firefox31.app/Contents/MacOS/firefox-bin" -# vendor/bin/serve --bootstrap-file vendor/silverstripe/cms/tests/behat/serve-bootstrap.php -# vendor/bin/behat @ +# composer require silverstripe/recipe-testing ^1 +# vendor/bin/behat-ss @ # ========================================================================= # default: suites: [] extensions: SilverStripe\BehatExtension\MinkExtension: - default_session: selenium2 - javascript_session: selenium2 - selenium2: - browser: firefox + default_session: facebook_web_driver + javascript_session: facebook_web_driver + facebook_web_driver: + browser: chrome + wd_host: "http://127.0.0.1:9515" #chromedriver port + browser_name: chrome SilverStripe\BehatExtension\Extension: bootstrap_file: vendor/silverstripe/cms/tests/behat/serve-bootstrap.php screenshot_path: %paths.base%/artifacts/screenshots From f9c03fa623dc7237005901efd863256b7d356db7 Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Tue, 24 Apr 2018 11:32:05 +1200 Subject: [PATCH 8/9] [ss-2018-012] Prevent php code execution in assets folder --- assets/.htaccess | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/assets/.htaccess b/assets/.htaccess index eebdb1d..fc7b16e 100644 --- a/assets/.htaccess +++ b/assets/.htaccess 
@@ -4,6 +4,15 @@ # See AssetAdapter::renderTemplate() for reference. # +# We disable PHP via several methods +# Replace the handler with the default plaintext handler +AddHandler default-handler php phtml php3 php4 php5 inc + + + # Turn the PHP engine off + php_flag engine off + + SetEnv HTTP_MOD_REWRITE On @@ -11,16 +20,12 @@ RewriteEngine On - # Disable PHP handler - RewriteCond %{REQUEST_URI} .(?i:php|phtml|php3|php4|php5|inc)$ - RewriteRule .* - [F] - # Allow error pages RewriteCond %{REQUEST_FILENAME} -f RewriteRule error[^\\/]*\.html$ - [L] # Block invalid file extensions - RewriteCond %{REQUEST_URI} !\.(?i:ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|css|csv|dmg|doc|docx|dotx|dotm|flv|gif|gpx|gz|hqx|ico|jar|jpeg|jpg|js|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|potm|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|xltm|zip|zipx)$ + RewriteCond %{REQUEST_URI} !^[^.]*\.(?i:ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|css|csv|dmg|doc|docx|dotx|dotm|flv|gif|gpx|gz|hqx|ico|jar|jpeg|jpg|js|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|potm|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|xltm|zip|zipx)$ RewriteRule .* - [F] # Non existant files passed to requesthandler From be96858e85272ca62f6f0ff3e24a44aa0248ac4d Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Thu, 26 Apr 2018 09:00:49 +1200 Subject: [PATCH 9/9] [SS-2018-014] Remove jar, dotm, potm, xltm from file extension whitelist, hard-code CSS and JS for TinyMCE support --- assets/.htaccess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/.htaccess b/assets/.htaccess index fc7b16e..8c3eefb 100644 --- a/assets/.htaccess +++ b/assets/.htaccess 
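Review bot: The `AddHandler default-handler` line names a fixed set of suffixes (`php phtml php3 php4 php5 inc`), so it only neutralises PHP on servers that map exactly those suffixes through mod_mime; a host that registers PHP for other suffixes, or assigns it with `SetHandler` inside a `<FilesMatch>` block (a common PHP-FPM setup), may not be affected by it, and `php_flag engine off` applies to mod_php only. With mod_rewrite loaded, the extension allow-list further down still rejects these requests, so the gap is limited to servers without mod_rewrite. I would extend the new comment to say so, e.g. `# Effective for mod_mime/mod_php setups; other PHP integrations rely on the rewrite allow-list below`. The `<IfModule>` guard around `php_flag` appears to have been stripped from this rendering, so I cannot confirm which module it tests.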
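Review bot: The tightened condition `!^[^.]*\.(?i:…)$` in the second hunk is matched against `%{REQUEST_URI}`, so it now requires the whole path to contain exactly one dot, and that intent is not stated anywhere in the file. Besides rejecting stacked extensions, it also returns 403 for legitimate assets whose file or folder name contains a dot (for example a constructed name such as `report.v2.pdf`). I would extend the existing comment to something like `# Block invalid file extensions; only a single dot is allowed anywhere in the path` so the behaviour is recognised as deliberate. The removed `[F]` rule for PHP suffixes is covered by this allow-list only while mod_rewrite is enabled; the enclosing `<IfModule>` lines are not visible in this rendering.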
@@ -25,7 +25,7 @@ AddHandler default-handler php phtml php3 php4 php5 inc RewriteRule error[^\\/]*\.html$ - [L] # Block invalid file extensions - RewriteCond %{REQUEST_URI} !^[^.]*\.(?i:ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|css|csv|dmg|doc|docx|dotx|dotm|flv|gif|gpx|gz|hqx|ico|jar|jpeg|jpg|js|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|potm|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|xltm|zip|zipx)$ + RewriteCond %{REQUEST_URI} !^[^.]*\.(?i:css|js|ace|arc|arj|asf|au|avi|bmp|bz2|cab|cda|csv|dmg|doc|docx|dotx|flv|gif|gpx|gz|hqx|ico|jpeg|jpg|kml|m4a|m4v|mid|midi|mkv|mov|mp3|mp4|mpa|mpeg|mpg|ogg|ogv|pages|pcx|pdf|png|pps|ppt|pptx|potx|ra|ram|rm|rtf|sit|sitx|tar|tgz|tif|tiff|txt|wav|webm|wma|wmv|xls|xlsx|xltx|zip|zipx)$ RewriteRule .* - [F] # Non existant files passed to requesthandler
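Review bot: The allow-list stays one long inline alternation, so the removal of `jar`, `dotm`, `potm` and `xltm` and the move of `css|js` to the front are explained only in the commit subject. A comment above the condition, e.g. `# jar, dotm, potm, xltm intentionally excluded (SS-2018-014); css and js kept for TinyMCE`, would stop the entries being re-added during a later sync. The header of this file points at `AssetAdapter::renderTemplate()`, which suggests the list is generated from a template elsewhere; if so, that template and any upload-side extension list need the same change, which this one-file patch does not show. If assets/web.config (exempted in patch 2/9) is the IIS counterpart, it is not touched here either.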