Commit Graph

372 Commits

Author SHA1 Message Date
Ingo Schommer
f477983bff Clearer escaping in CMSMain
No direct security issue, but makes intent clearer
2013-09-24 21:35:03 +02:00
Ingo Schommer
a5d9958f8c Clearer escaping in ReportAdmin
No direct security issue since report titles can't be set by the user
2013-09-24 21:34:58 +02:00
Ingo Schommer
3dc86f98a3 Fixed merge error 2013-08-20 22:25:24 +02:00
Ingo Schommer
ba57d42349 Merge remote-tracking branch 'origin/3.0' into 3.1.0
Conflicts:
	code/controllers/ContentController.php
	code/model/SiteTree.php
	tests/search/SearchFormTest.php
2013-08-20 20:59:44 +02:00
Hamish Friedlander
2fae9280e5 FIX ArchiveDate enforcement 2013-08-08 17:17:35 +12:00
Ingo Schommer
99ba7bdb4e Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	lang/en.yml
	templates/CMSPageHistoryController_versions.ss
2013-08-07 17:15:17 +02:00
Ingo Schommer
07cccc8e95 Translations: Switch to Transifex format
- Based on new (last) translation download from getlocalization.com
- Removed untranslated strings. Getlocalization started including those at some point
which is highly annoying, unnecessary and breaks the new transfix system,
since it'll mark all of the english strings as actual translations
- Avoid dots in entities. It confuses the Transifex YML parser
- Removed some locales unknown to Transifex which didn't have any translations anyway
- Removed "lolcat" locale, uses custom notation (en@lolcal)
  which SilverStripe's i18n system can't handle
  (needs mapping from SS naming to Zend naming)
- Renamed "Te Reo/Maori" locale from "mi_NZ" to "mi" (Transifex/CLDR notation)
- Namespaced all entities used in templates (deprecated usage)
- Converted dots to underscores where template filenames are used for namespaces,
since Transifex YML parsing handles them as separate YML keys otherwise
- Removed whitespace in entity names, SilverStripe i18n can't handle it
- Only allow selection of locales registered through i18n::$all_locales to avoid
  issues with unknown locales in Zend's CLDR database
2013-08-04 12:31:29 +02:00
Ingo Schommer
3f118ef08f Translations: Switch to Transifex format
- Based on new (last) translation download from getlocalization.com
- Removed untranslated strings. Getlocalization started including those at some point
which is highly annoying, unnecessary and breaks the new transfix system,
since it'll mark all of the english strings as actual translations
- Avoid dots in entities. It confuses the Transifex YML parser
- Removed some locales unknown to Transifex which didn't have any translations anyway
- Removed "lolcat" locale, uses custom notation (en@lolcal)
  which SilverStripe's i18n system can't handle
  (needs mapping from SS naming to Zend naming)
- Renamed "Te Reo/Maori" locale from "mi_NZ" to "mi" (Transifex/CLDR notation)
- Namespaced all entities used in templates (deprecated usage)
- Converted dots to underscores where template filenames are used for namespaces,
since Transifex YML parsing handles them as separate YML keys otherwise
- Removed whitespace in entity names, SilverStripe i18n can't handle it
2013-08-04 12:28:07 +02:00
Simon Welsh
ff18abb994 Merge branch '3.0' into 3.1
Conflicts:
	.travis.yml
2013-07-14 17:24:06 +12:00
Simon Welsh
3a3e8f2faa Adds LoginForm as an allowed action
Behaves as a form method defined on ContentController
2013-07-14 17:21:59 +12:00
Hamish Friedlander
a5f00ae2c3 FIX Not checking stage in SiteTree#canView
SiteTree versions that arent the live version shouldnt be accessed by
regular users, but the logic to check that was split off into canViewStage,
which wasnt checked by code that isnt specifically SiteTree aware
(like RestfulServer)
2013-07-05 12:14:22 +12:00
Ingo Schommer
a2c2be2ad5 Correct form name in CMSFileAddController, fixes upload
Fixes https://github.com/silverstripe/silverstripe-framework/issues/2172
2013-07-02 09:33:38 +02:00
Ingo Schommer
0bd257c8fc Merge pull request #770 from chillu/pulls/cmsform
Using new CMSForm class to allow for validation errors in CMS
2013-06-28 02:54:09 -07:00
Ingo Schommer
aeacbc38aa Fix AssetAdmin::$allowed_actions 2013-06-21 00:54:28 +02:00
Mike Parkhill
c7f14129ea FIX #651 Broken redirection after creating new folder in assets 2013-06-13 14:58:09 +02:00
Ingo Schommer
2deb525d47 Using new CMSForm class to allow for validation errors in CMS
This class allows deferring handling of responses to the parent
controller's response negotiator implementation.
2013-06-13 07:44:37 +02:00
Mike Parkhill
85f5a45951 FIX #651 Broken redirection after creating new folder in assets 2013-05-27 17:21:07 +12:00
Simon Welsh
e8f6b416d7 Revert call to setCheckModelPermissions() 2013-05-25 13:56:02 +12:00
Sean Harvey
9c1a69ae08 Merge pull request #755 from patbolo/restored-page-correct-title
FIX Correct page title shown when restoring a page, instead of html of t...
2013-05-24 18:45:38 -07:00
jean
698a75d903 FIX Correct page title shown when restoring a page, instead of html of tree node 2013-05-25 11:37:26 +12:00
Will Rossiter
ae494b01bc Merge pull request #259 from chillu/pulls/perms-opt-in
FIX: Respect model permissions in AssetAdmin
2013-05-24 15:44:55 -07:00
Fred Condo
cd81d327ac Return 410 for successfullyinstalled after install files are gone
It was possible to append '/successfullyinstalled' to any SilverStripe
URL (with the cms module present), and the code would run, including
republishing the 404 page.

Now, if the install.php file is gone, this controller method throws the
410 (Gone) status code. The 410 status is chosen rather than 404 to
mitigate the likelihood that crawlers such as the Googlebot will follow
stray links to this URI.
2013-05-21 15:11:57 -07:00
Mateusz Uzdowski
6117057c59 Update doRollback messages to work well with the new reverts.
Currently reverts are not creating the new versions anymore - they are
simply copying the Version over. Remove incorrect message about new
version creation and remove the "cancel draft changes" message that's
not correct.
2013-05-16 08:43:12 +12:00
Sean Harvey
c7ebf76757 Page history panel: show appropriate message when viewing latest version 2013-05-07 17:14:28 +12:00
Will Rossiter
6e2906d01e API: remove static related classes, now staticpublisher module 2013-04-06 17:26:15 +13:00
Ingo Schommer
51c8e8639e API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:21:04 +01:00
Ingo Schommer
1f14654649 CMSMain->LinkWithSearch() visibility
Required for tree links retaining search state
2013-03-19 22:13:10 +01:00
Ingo Schommer
c3b4d68664 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	code/controllers/SilverStripeNavigator.php
2013-03-19 14:04:24 +01:00
g4b0
9037aa8645 Re-indexed disallowed array because of json_encode issue with non-sequential array 2013-03-18 17:18:58 +01:00
uniun
5c933b40e5 BUG SilverStripeNavigator shows wrong message.
The message was always 'Published Site'.
Also there were no 'active' class on links.
2013-03-18 15:57:20 +02:00
Andrew Short
b5725c7ace Merge branch '3.0' into 3.1 2013-03-15 19:36:31 +11:00
Ingo Schommer
ec93643f49 NEW Set correct ParentID when creating page from list view 2013-03-14 19:00:56 +01:00
jean
2dd0e3f02e NEW Restored duplicate and duplicated with children functionality, as in 2.4 See ticket #7602
Conflicts:
	javascript/CMSMain.Tree.js
	templates/Includes/CMSMain_TreeView.ss
2013-03-13 10:04:09 +01:00
Ingo Schommer
a5e84c0a06 Merge pull request #294 from dhensby/request-patch
BUG Request object now has URL changed
2013-03-07 11:32:40 -08:00
Ingo Schommer
0f8d7a0aa4 Removed CMSMain->CMSVersion(), using LeftAndMain instead
Implementation got more complex (see https://github.com/silverstripe/silverstripe-cms/pull/289),
including composer.lock file support. So trying to to duplicate too much.
2013-02-28 13:39:13 +01:00
Daniel Hensby
eb2e0d7877 BUG Request object now has URL changed
Instead of cloning the Request object and losing all the custom
attributes that don't come through the construct (eg: headers) we can
now set the URL alone.
2013-02-28 08:51:25 +00:00
Sam Minnee
b7b62e5aea FIX: Fixed create-folder function: 2013-02-26 13:39:48 +13:00
Ingo Schommer
537b0c6117 Define $allowed_actions consistently
Required due to stricter $allowed_actions checks in 3.1
2013-02-18 15:12:46 +13:00
Ingo Schommer
53c2059a01 Merge remote-tracking branch 'origin/3.0' into 3.1
Conflicts:
	code/controllers/SilverStripeNavigator.php
2013-02-07 21:44:41 +01:00
Ingo Schommer
97fbfd3f12 FIX Respect escaping rules on readonly fields in CMS history view
Avoids showing unescaped HTML on fields which didn't allow it otherwise,
e.g. TextField. This also fixes problems with SiteTree->ExtraMeta
which got evaluated within the CMS. If this section contains any
JavaScript it gets executed and can disrupt CMS operation.
2013-02-04 17:16:15 +01:00
UndefinedOffset
119d8aa892 ENHANCEMENT: Do not display SilverStripeNavigator_CMSLink when in a LeftAndMain extension not just CMSMain extensions 2013-02-01 14:16:19 -04:00
Ingo Schommer
eba4d205c3 Merge remote-tracking branch 'origin/3.0' into 3.1 2013-01-30 12:44:40 +01:00
Ingo Schommer
b15b98345f Using new "Security.login_url" configuration value 2013-01-29 18:06:49 +01:00
Ingo Schommer
649de6e1bc BUG Reinstated CMS "History" Preview (fixes ##8089) 2013-01-25 11:35:48 +01:00
Ingo Schommer
317977a227 More useful default cols on "Pages" list (fixes #8199) 2013-01-22 15:37:20 +01:00
Ingo Schommer
8a9acaa5ba Fixed "add page" type icons (fixes #8190) 2013-01-17 19:59:54 +01:00
Ingo Schommer
76aeec70e7 NEW SiteTree->PreviewLink() for fine grained URL control 2013-01-14 17:12:23 +01:00
Ingo Schommer
ffc6d6ffad BUGFIX Disable CMS preview for RedirectorPage (fixes #7127)
If the redirect is to an internal page, the preview iframe
will automatically load this new URL, causing the CMS edit
form to switch as well - effectively making it impossible
to edit a redirector page in the CMS as soon as it is saved
with an internal redirection target.
2013-01-09 21:44:52 +01:00
Ingo Schommer
fa78370ac4 Merge remote-tracking branch 'origin/3.0' into 3.1 2012-12-21 11:48:48 +01:00
Ingo Schommer
cb96255e80 Removed direct sprintf() usage from _t() calls
Parameterized strings are easier to understand,
and more fail-proof, don't fatal out when not enough sprintf() args
2012-12-21 11:18:18 +01:00