This PR fixes the problem of being unable to create a subsite.
I was unable to create a subsite because no themes were shown in the Theme dropdown menu.
How to test:
1> Use composer to install a fresh copy of Silverstripe 3.2
2> Use composer to install subsite module.
3> Try to create a subsite.
4> No themes loaded into Theme dropdown menu.
5> Apply this PR.
6> Refresh the page / or run dev/build; now themes are loaded into the dropdown menu.
This isn't used, according to the description it would limit the list
of subsites you can choose to apply a File/Folder to. However, this
dropdown is shown to the user based on whether they have access to
that subsite, so this unused permission code isn't needed.
PWC identified an issue with the subsites module that would allow someone with authenticated access to attack other CMS users, such as "stealing the session ID and hijacking an authenticated user's session".
I can't imagine a case where HTML would ever be allowed in the subdomain of a website, so it's a good practice to strip it out anyway.
Steps to reproduce the original issue:
1. Enter a subsite name and mark as the default site.
2. Add a new domain named <script>alert(2)</script> and mark it as primary
3. Switch to the new subsite.
4. Make a new Page. This will execute a JavaScript alert containing "2".
MINOR update documentation for onBeforeWrite()
MINOR add @property attributes into docblock
‘CMS_ACCESS_LeftAndMain’ is used by the PermissionCheckboxSetField to allow
applicable Members to access all CMS sections. There are then further
permissions to restrict the Members (e.g. ‘CMS_ACCESS_LeftAndMain’ will give you
access to the ‘Pages’ section, but you still need the ‘Edit any page’ permission
to actually edit anything).
This patch ensures that the subsites module follows those permissions, and
doesn’t unnecessarily deny permission to legitimate users.
This causes issues with Security::findAnAdministrator, which incorrectly
forces the current session-stored subsite to 0 - it uses
Subsite::currentSubsiteID before the session support is enabled, and
hence obtains the wrong value.
Tries to find an accessible section in the current site, falls back to
searching across all sites and all sections.
Also adds more powerful and generic functions:
Subsites::all_sites - get the full list
Subsites::all_accessible_sites - get Member accessible list
LeftAndMainExtension::sectionSites - get section-specific list
* Hide admins without subsite support from subsites menu
* Add subsite support to default site areas
* Enable reloading of subsites switcher dropdown when navigating the
site, and when editing subsite areas
API Fix parallel pjax menu fetching for subsites.
- thanks Mateusz!
Delint LeftAndMain_Subsites.js
Tries to access i18n::$likely_subtags directly. Config changes in
3.1 now prevent this from happening, and it fails.
i18n::get_locale_from_lang() is used instead to provide the locale.
This fixes the bug where creating the top level pages is broken whenever
subsites module is installed. This is because the SubsiteID is
explicitly specified on AddForm POST submission, which incorrectly
triggers a redirect from LeftAndMainSubsites::init and the form action
never has a chance to execute.
Also do not look at POST when checking for the current subsite ID.
Fixed a few missed strict errors
Applied patch from kmayo to fix issues with SubsiteAdminTest.php
Fixed issue causing the url segments of subsites created from a template to add -2 to the end
Fixed undefined method TotalItems() on datalist for the SubsiteTest
Fixed failure on SubsiteTest because DataObject::get_one() now returns boolean false instead of null when no result is found
Fixed failure on SubsitesVirtualPageTest caused by Versioned::get_one_by_stage() returning null instead of false
Fixed failure caused by the contact-us page existing on subsite 2
Merged another patch from kmayo
Force main site to be on, for some reason it gets hidden in some cases i.e. refreshing the cms while editing a page
Fixes for SS 3.0 beta 3
Fixed compatibility issues with ss3.0 rc1
fixed potential issue caused by the from array format changing in 3.0
Fixed strict standards warnings
Fixed strict notice "Only variables should be passed by reference"
Fixed strict notice "Only variables should be passed by reference"
Fixed strict notice caused by SubsiteAdmin not declaring all of the properties for getCMSFields()
Made Subsite::accessible_sites() static
Fixed issue caused when trying to add a domain before saving for the first time
Fixed undefined property ParentID