Commit Graph

407 Commits

Author SHA1 Message Date
Werner M. Krauß
6f1e1ab953 SubsiteVirtualPage: SubsiteID should not be a virtual field 2017-05-30 21:43:37 +02:00
Werner M. Krauß
f348f5fa97 fix SiteConfigSubsites AugmentSQL: get the right table name to filter 2017-05-30 20:50:52 +02:00
Werner M. Krauß
997459caf3 Get some more tests working
Updating config and i18n calls
2017-05-30 20:50:22 +02:00
Werner M. Krauß
e2bdd5ca41 fixing tests: adjusting yml file, update Config::modify usage 2017-05-30 15:14:28 +02:00
Tim Kung
5d3af16aaf - namespacing all classes
- moving all phpunit tests into tests/php
- moving all extensions from _config.php into config.yml and removing obsolete _config.php
- moving GridFieldSubsiteDetailForm_ItemRequest into own file

(cherry picked from commit ee02828)
2017-05-30 15:13:40 +02:00
Werner M. Krauß
b8f98323ae merge #2 2017-05-30 11:14:51 +02:00
Werner M. Krauß
9862cf5ea6 merge ss4 fixes by cheddam 2017-05-29 13:42:42 +02:00
Werner M. Krauß
c5f507b3f9 reformat code and tests 2017-05-24 15:26:28 +02:00
Werner M. Krauß
ef602abe47 replace config::inst()->update() with config::modify->set() 2017-05-24 15:20:51 +02:00
Werner M. Krauß
a49189ef58 fix removed i18n::get_common_locales() 2017-05-24 15:09:13 +02:00
Werner M. Krauß
a7ef6472ee db query fixes 2017-05-24 14:55:03 +02:00
Werner M. Krauß
b71e544820 adding table names config 2017-05-24 14:31:56 +02:00
Werner M. Krauß
fe6d93eaac fixing double use declarations of Subsite class 2017-05-24 14:31:36 +02:00
Werner M. Krauß
2c3b5bf5af remove VirtualPageController usage 2017-05-24 13:42:53 +02:00
Werner M. Krauß
e33a5b4cae upgrader: upgrade code 2017-05-24 13:36:04 +02:00
Werner M. Krauß
2c84e627db upgrader: namespacing classes 2017-05-24 12:32:05 +02:00
Loz Calver
e8f5f58bb0 SS4 namespaces compatibility 2016-09-23 09:34:23 +01:00
John Milmine
3587bc666f made duplication between subsites more robust
and added some extra methods so it's easier to overwrite or extend
2016-03-22 21:55:11 +13:00
Damian Mooyman
7ee8bdbf72 Merge pull request #176 from jason-zz/patch-1
Update SubsiteDomain.php
2016-02-04 17:26:56 +13:00
Damian Mooyman
0d7dc49d6b API Rename mysiteconfig to subsiteconfig
API make ErrorPageSubsite 4.x compatible
BUG Fix incorrect yml
BUG Fix incorrect DataExtension::augmentSQL implementation
2015-11-20 17:04:23 +13:00
Damian Mooyman
5e18e8dca3 Merge remote-tracking branch 'origin/1.1'
Conflicts:
	.travis.yml
2015-11-13 19:06:09 +13:00
Damian Mooyman
c22c8dc810 Merge remote-tracking branch 'origin/1.0' into 1.1
Conflicts:
	code/extensions/LeftAndMainSubsites.php
	tests/SiteTreeSubsitesTest.php
2015-11-13 19:02:12 +13:00
Ingo Schommer
cf534aad31 BUG Subsites selection on SubsitesVirtualPage (fixes #45 and #47) 2015-11-13 17:31:44 +13:00
Will Rossiter
b979b38694 FIX: #138 allow subsite summary fields to be customized 2015-10-21 09:09:10 +13:00
Will Rossiter
9c9e0bfa94 Correct link to editing a subsite virtual page. 2015-07-27 10:57:10 +12:00
wernerkrauss
996abfcc58 Wrong edit link in SubsitesVirtualPage
In SS3.1 we have /admin/pages for cms, was still old link.
2015-06-17 16:30:56 +02:00
Christopher Pitt
750cdbcff9 3.2 compat changes 2015-06-09 10:50:43 +12:00
Ingo Schommer
5604879146 4.x core compat 2015-04-30 22:39:22 +12:00
Damian Mooyman
5b9af35566 Use 3.2 compatible API 2015-02-24 09:34:34 +13:00
Damian Mooyman
e6c8dff7be Merge remote-tracking branch 'origin/1.0'
Conflicts:
	.travis.yml
	code/extensions/LeftAndMainSubsites.php
	composer.json
2015-02-24 09:12:38 +13:00
micmania1
3ca2861c2d FIX: Removed unnecessary redirect. This is early enough in the script that the correct subsite will be used from hereon. 2015-02-17 01:13:56 +00:00
Jason
d99785d773 Update SubsiteDomain.php
Add $default_sort.
2014-12-17 10:44:43 +11:00
John Milmine
91591a3752 redirect_fix_between_CMS_sections
previously if you were editing settings and you changed subsites ti would revert you to /admin, now it stays within your current controller
2014-11-24 15:32:05 +13:00
James Cocker
498d6e0619 Fixes #135: LeftAndMain switching between subsites
When trying to switch to a different subsite from a page's editing view, it wouldn't switch. This was partly due to a $record always existing due to the homepage fallback on currentPageID : https://github.com/silverstripe/silverstripe-cms/blob/3.1/code/controllers/CMSMain.php#L816

So as currentPage() couldn't actually be used to test for the existance of a current page, I've added in a check for isset($this->owner->urlParams['ID']).

I've also moved the check for $_GET['SubsiteID’] which indicated a forced subsite switch (eg. via the dropdown switcher) above the check for a current page, as it should take precedence, and it wasn't being run when both conditions matched causing the subsite not to change.

Tested changing subsites from /admin/pages, from page edit view, from a page edit URL, and from other CMS sections such as Files and Security, and all seems to be working perfectly now.
2014-11-24 15:25:53 +13:00
Will Rossiter
0520b57f84 Merge pull request #145 from purplespider/patch-2
Fixes #135: LeftAndMain switching between subsites
2014-11-24 15:11:12 +13:00
Damian Mooyman
a97b0d33eb BUG Fix incompatibility with framework 3.2 2014-08-26 11:42:50 +12:00
Juul Hobert
2e32eab6ae Bugfix for urls with %28 in the url 2014-08-22 13:21:18 +02:00
Shoaib Ali
1f2cb4380d Removed hard coding of HTTP protocol 2014-08-18 21:03:52 +12:00
Sean Harvey
1477155653 Removing unused permission SUBSITE_ASSETS_CREATE_SUBSITE
This isn't used, according to the description it would limit the list
of subsites you can choose to apply a File/Folder to. However, this
dropdown is shown to the user based on whether they have access to
that subsite, so this unused permission code isn't needed.
2014-08-18 11:31:03 +12:00
Stig Lindqvist
bd5bd877fd Security: XSS can be injected in the group edit view 2014-08-01 10:48:44 +12:00
Elliot Sawyer
205754854c Sanitise domain name field to prevent XSS attack on the CMS
PWC identified an issue with the subsites module that would allow someone with authenticated access to attack other CMS users, such as "stealing the session ID and hijacking an authenticated user's session".
I can't imagine a case where HTML would ever be allowed in the subdomain of a website, so it's a good practice to strip it out anyway.

Steps to reproduce the original issue:
1. Enter a subsite name and mark as the default site.
2. Add a new domain named <script>alert(2)</script> and mark it as primary
3. Switch to the new subsite.
4. Make a new Page. This will execute a javascript alert containing "2".

MINOR update documentation for onBeforeWrite()
MINOR add @property attributes into docblock
2014-07-16 15:43:05 +12:00
James Cocker
47df87f62c Fixes #135: LeftAndMain switching between subsites
When trying to switch to a different subsite from a page's editing view, it wouldn't switch. This was partly due to a $record always existing due to the homepage fallback on currentPageID : https://github.com/silverstripe/silverstripe-cms/blob/3.1/code/controllers/CMSMain.php#L816

So as currentPage() couldn't actually be used to test for the existance of a current page, I've added in a check for isset($this->owner->urlParams['ID']).

I've also moved the check for $_GET['SubsiteID’] which indicated a forced subsite switch (eg. via the dropdown switcher) above the check for a current page, as it should take precedence, and it wasn't being run when both conditions matched causing the subsite not to change.

Tested changing subsites from /admin/pages, from page edit view, from a page edit URL, and from other CMS sections such as Files and Security, and all seems to be working perfectly now.
2014-06-04 16:41:28 +01:00
James Cocker
38e4bc196d Fixes #139 - Broken URL Segment CMS Links
Fixes issue #139 using normann's solution that seems to work perfectly with both long and short links.
2014-06-04 13:12:28 +01:00
Mateusz Uzdowski
9cf7a1453f BUG Fixes to link rewriting when previewing subsites.
* JS error with href-less links.
* All forms get injected hidden fields, even though the loop attempts to
check for only the ones that submit locally.
* Also check for action-less forms.

Requires
https://github.com/silverstripe/silverstripe-framework/pull/3000 to be
merged for the Framework.
https://github.com/silverstripe-labs/silverstripe-testsession/pull/11
2014-04-02 13:39:01 +13:00
Sean Harvey
4e20228c2e Merge pull request #132 from mateusz/session-can-edit
Make canEdit fall back to session if the object's SubsiteID not there.
2014-01-14 14:07:32 -08:00
Mateusz Uzdowski
82159e38d3 Make canEdit fall back to session if the object's SubsiteID not there.
This problem manifests when a GridField-managed relationship tries to
create an object that references the container from canEdit - the
container in this case has empty fields.

An example of that is a HomePage with CarouselItem - if the
CarouselItem::canEdit tries to call $this->Page()->canEdit(), the "Page"
will be a dummy object, not the actual instance of the HomePage that's
doing the manipulation.

This is similar to the behaviour of SiteTree::canEdit, which solves
this situation by falling back to "return
$this->getSiteConfig()->canEdit($member);"
2014-01-10 09:58:53 +13:00
Matt Peel
fb5d791444 BUGFIX: permissions to check the ‘CMS_ACCESS_LeftAndMain’ global permission.
‘CMS_ACCESS_LeftAndMain’ is used by the PermissionCheckboxSetField to allow
applicable Members to access all CMS sections. There are then further
permissions to restrict the Members (e.g. ‘CMS_ACCESS_LeftAndMain’ will give you
access to the ‘Pages’ section, but you still need the ‘Edit any page’ permission
to actually edit anything).

This patch ensures that the subsites module follows those permissions, and
doesn’t unnecessarily deny permission to legitimate users.
2014-01-10 09:31:44 +13:00
Matt Peel
083194857e Allow ‘ADMIN’ and ‘CMS_ACCESS_LeftAndMain’ access to CMS. Fixes CWPBUG-113.
Previously, only the global ‘ADMIN’ permission was allowing users to bypass the
stricter Permission check. We also need to allow the ‘CMS_ACCESS_LeftAndMain’
permission to bypass this check, as otherwise a user who is in a Group with the
‘Access to all CMS sections’ permission set (which only sets the
CMS_ACCESS_LeftAndMain permission code and no others) would be denied access to
the CMS for that sub site.
2014-01-09 17:12:47 +13:00
Mateusz Uzdowski
58b926af25 BUG Refactor the access checks and initial subsite redirections.
Remove the special AJAX handling to simplify the code. Now redirection
will be forced on any request that changes the subsite to re-synchronise
with the frontend.

Introduce canAccess method, and add it to alternateAccessCheck to make
sure this subsite-specific chceck is also done in situations that are
not captured by onBeforeInit.
2013-12-04 17:34:27 +13:00
Mateusz Uzdowski
a771e2239b Do not change the session-stored subsite, if session is not enabled.
This causes issues with Security::findAnAdmistrator which incorrectly
forces the current session-stored subsite to 0 - it uses
Subsite::currentSubsiteID before the session support is enabled, and
hence obtains wrong value.
2013-11-26 13:12:17 +13:00