This PR fixed unable to create subsite problm.
I was unable to create a subsite, because of no themes been shown in Theme dropdown menu.
How to test:
1> Use composer to install a fresh copy of Silverstripe 3.2
2> Use composer to install subsite module.
3> Try to create a subsite.
4> No themes loaded into Theme dropdown menu.
5> Apply this PR.
6> fresh page / or dev/build, now, themes loaded into The dropdown menu.
This isn't used, according to the description it would limit the list
of subsites you can choose to apply a File/Folder to. However, this
dropdown is shown to the user based on whether they have access to
that subsite, so this unused permission code isn't needed.
PWC identified an issue with the subsites module that would allow someone with authenticated access to attack other CMS users, such as "stealing the session ID and hijacking an authenticated user's session".
I can't imagine a case where HTML would ever be allowed in the subdomain of a website, so it's a good practice to strip it out anyway.
Steps to reproduce the original issue:
1. Enter a subsite name and mark as the default site.
2. Add a new domain named <script>alert(2)</script> and mark it as primary
3. Switch to the new subsite.
4. Make a new Page. This will execute a javascript alert containing "2".
MINOR update documentation for onBeforeWrite()
MINOR add @property attributes into docblock
‘CMS_ACCESS_LeftAndMain’ is used by the PermissionCheckboxSetField to allow
applicable Members to access all CMS sections. There are then further
permissions to restrict the Members (e.g. ‘CMS_ACCESS_LeftAndMain’ will give you
access to the ‘Pages’ section, but you still need the ‘Edit any page’ permission
to actually edit anything).
This patch ensures that the subsites module follows those permissions, and
doesn’t unnecessarily deny permission to legitimate users.
This causes issues with Security::findAnAdmistrator which incorrectly
forces the current session-stored subsite to 0 - it uses
Subsite::currentSubsiteID before the session support is enabled, and
hence obtains wrong value.
Tries to find an accessible section in the current site, falls back to
searching across all sites and all sections.
Also adds more powerful and generic functionss:
Subsites::all_sites - get the full list
Subsites::all_accessible_sites - get Member accessible list
LeftAndMainExtension::sectionSites - get section-specific list
* Hide admins without subsite support from subsites menu
* Add subsite support to default site areas
* Enable reloading of subsites switcher dropdown when navigating the
site, and when editing subsite areas
API Fix parallel pjax menu fetching for subsites.
- thanks Mateusz!
Delint LeftAndMain_Subsites.js
Tries to access i18n::$likely_subtags directly. Config changes in
3.1 now prevent this from happening and fails.
i18n::get_locale_from_lang() is used instead to provide the locale.
This fixes the bug where creating the top level pages is broken whenever
subsites module is installed. This is because the SubsiteID is
explicitly specified on AddForm POST submission, which incorrectly
triggers a redirect from LeftAndMainSubsites::init and the form action
never has a chance to execute.
Also do not look at POST when checking for the current subsite ID.
Fixed a few missed strict errors
Applied patch from kmayo to fix issues with SubsiteAdminTest.php
Fixed issue causing the url segments of subsites created from a template to add -2 to the end
Fixed undefined method TotalItems() on datalist for the SubsiteTest
Fixed failure on SubsiteTest because DataObject::get_one() now returns boolean false instead of null when no result is found
Fixed failure on SubsitesVirtualPageTest caused by Versioned::get_one_by_stage() returning null instead of false
Fixed failure caused by the contact-us page existing on subsite 2
Merged another patch from kmayo
Force main site to be on, for some reason it gets hidden in some cases i.e. refreshing the cms while editing a page
Fixes for SS 3.0 beta 3
Fixed compatibility issues with ss3.0 rc1
fixed potential issue caused by the from array format changing in 3.0
Fixed strict standards warnings
Fixed strict notice "Only variables should be passed by reference"
Fixed strict notice "Only variables should be passed by reference"
Fixed strict notice caused by SubsiteAdmin not declaring all of the properties for getCMSFields()
Made Subsite::accessible_sites() static
Fixed issue caused when trying to add a domain before saving for the first time
Fixed undefined property ParentID
Replaced deprecated DataObjectDecorator with DataExtension
Fixed hard crashes in the cms
Updated to support new LeftAndMain template structure
Made the subsites model admin functional
Moved the LeftAndMain_Menu template up a directory so it overrides the core
Fixed some errors caused by changes to the framework
Re-organized the code folder
Fixed permission issue causing to default to first subsite regardless if it is the default or not
Fixed crashes on the subsite virtual page when creating/editing
Removed toDropdownMap() calls replacing with map()
Fixed the URLSegment field on subsites
Fixed error when detecting subsite for a domain
Improved styles on the subsite dropdown
Updated LeftAndMain_Subsites.js to work with jQuery entwine
Started porting the SubsitesTreeDropdownField.js to use jQuery entwine and work with the new TreeDropdownField.js
Fixed issue causing crash when viewing a page who is linked to by a subsite virtual page
Removed unused methods on SubsitesTreeDropdownField.js
Re-added classes that were moved
Fixed hard crash after saving caused by the many_many definition on SiteTreeSubsites
Replaced deprecated DataObjectSet creation with ArrayList
Compatibility fixes with SS 3.0 beta 2
Fixed crash in cms caused by no parameter being passed to the SubsiteReportWrapper constructor
Proper fix for report wrapper
Removed table list field in favor of a basic grid field
Fixed updateCMSFields() for file subsites
Migrated translations to yml
Fixed issue causing the current page to not get cleared when changing subsites in the cms
Fixed virtual page icon
Fixed language files issue