Commit Graph

39 Commits

Author SHA1 Message Date
Sean Harvey
1477155653 Removing unused permission SUBSITE_ASSETS_CREATE_SUBSITE
This isn't used, according to the description it would limit the list
of subsites you can choose to apply a File/Folder to. However, this
dropdown is shown to the user based on whether they have access to
that subsite, so this unused permission code isn't needed.
2014-08-18 11:31:03 +12:00
Elliot Sawyer
205754854c Sanitise domain name field to prevent XSS attack on the CMS
PWC identified an issue with the subsites module that would allow someone with authenticated access to attack other CMS users, such as "stealing the session ID and hijacking an authenticated user's session".
I can't imagine a case where HTML would ever be allowed in the subdomain of a website, so it's a good practice to strip it out anyway.

Steps to reproduce the original issue:
1. Enter a subsite name and mark as the default site.
2. Add a new domain named <script>alert(2)</script> and mark it as primary
3. Switch to the new subsite.
4. Make a new Page. This will execute a javascript alert containing "2".

MINOR update documentation for onBeforeWrite()
MINOR add @property attributes into docblock
2014-07-16 15:43:05 +12:00
Mateusz Uzdowski
9cf7a1453f BUG Fixes to link rewriting when previewing subsites.
* JS error with href-less links.
* All forms get injected hidden fields, even though the loop attempts to
check for only the ones that submit locally.
* Also check for action-less forms.

Requires
https://github.com/silverstripe/silverstripe-framework/pull/3000 to be
merged for the Framework.
https://github.com/silverstripe-labs/silverstripe-testsession/pull/11
2014-04-02 13:39:01 +13:00
Matt Peel
fb5d791444 BUGFIX: permissions to check the ‘CMS_ACCESS_LeftAndMain’ global permission.
‘CMS_ACCESS_LeftAndMain’ is used by the PermissionCheckboxSetField to allow
applicable Members to access all CMS sections. There are then further
permissions to restrict the Members (e.g. ‘CMS_ACCESS_LeftAndMain’ will give you
access to the ‘Pages’ section, but you still need the ‘Edit any page’ permission
to actually edit anything).

This patch ensures that the subsites module follows those permissions, and
doesn’t unnecessarily deny permission to legitimate users.
2014-01-10 09:31:44 +13:00
Mateusz Uzdowski
a771e2239b Do not change the session-stored subsite, if session is not enabled.
This causes issues with Security::findAnAdmistrator which incorrectly
forces the current session-stored subsite to 0 - it uses
Subsite::currentSubsiteID before the session support is enabled, and
hence obtains wrong value.
2013-11-26 13:12:17 +13:00
Mateusz U
c04208ed79 Merge pull request #121 from stojg/pr/cleanup
Minor cleanup of subsite code
2013-11-25 16:10:55 -08:00
Stig Lindqvist
ff7328ea94 Adding docblocks to SubsiteDomain 2013-11-15 09:50:21 +13:00
Stig Lindqvist
b7f1c66de7 Make SubsiteDomain#getCMSFields extendable 2013-11-15 09:50:15 +13:00
Stig Lindqvist
859bde1257 Reorder methods and variables to follow the SS coding conventions
The coding conventions are mentioned here http://doc.silverstripe.org/framework/en/trunk/misc/coding-conventions#class-member-ordering
2013-11-11 12:09:27 +13:00
Stig Lindqvist
7bb36eae7b Adding docblocks and visibility keywords to methods 2013-11-11 11:56:02 +13:00
Stig Lindqvist
dc7a0560fb Removed Subsite::set_allowed_domains()
Removed documentation and code since the method has been throwing user error since 2010-03-01
2013-11-11 11:56:02 +13:00
Stig Lindqvist
cc0349026e Removed unused variable 2013-11-11 11:34:52 +13:00
Ingo Schommer
5ff3b691d7 More globalisation 2013-10-30 13:44:06 +01:00
Mateusz Uzdowski
5b00ba352f API Refactor to always redirect to accessible Admin location.
Tries to find an accessible section in the current site, falls back to
searching across all sites and all sections.

Also adds more powerful and generic functions:
Subsites::all_sites - get the full list
Subsites::all_accessible_sites - get Member accessible list
LeftAndMainExtension::sectionSites - get section-specific list
2013-10-16 16:40:20 +13:00
spronkey
23e9cd40a0 Better fix for #106 using DataQuery queryParams. Thanks simon_w 2013-09-12 15:33:18 +12:00
spronkey
586d88562c Added test case for subsites virtual page onAfterWrite issue, plus changed get_from_all_subsites method to immediately eval and return an ArrayList, instead of lazy eval DataList. Fixes #106 2013-09-12 14:23:42 +12:00
Naomi Guyer
37843f447e API: Subsite support for menu of cms (hide admins that don't declare support) (fixes #101 and #89)
* Hide admins without subsite support from subsites menu
* Add subsite support to default site areas
* Enable reloading of subsites switcher dropdown when navigating the
site, and when editing subsite areas

API Fix parallel pjax menu fetching for subsites.
- thanks Mateusz!

Delint LeftAndMain_Subsites.js
2013-08-22 13:02:46 +12:00
Ingo Schommer
b49c86bd0b Require subsite title (fixes #26) 2013-07-10 16:28:08 +02:00
Frank Mullenger
7bf6e89320 BUGFIX: Session var for active subsite out of sync with current subsite. Refs silverstripe/silverstripe-subsites#93. 2013-07-10 12:24:42 +02:00
Sean Harvey
a6990394cc Partially reverting 7c5310e1a2 2013-05-06 22:59:18 +12:00
Sean Harvey
7c5310e1a2 Fixing more uses of statics in Subsite class 2013-05-06 22:54:23 +12:00
Sean Harvey
7fee2aeea3 Defining static as private for 3.1+ 2013-05-06 22:44:19 +12:00
Sean Harvey
8ffeeb1ee6 Fixing declaration of statics to private for 3.1+ compatibility 2013-05-06 22:21:09 +12:00
Sean Harvey
0247765563 API Removed related pages functionality, this is now a separate module
If you need this functionality still, please checkout
github.com/silverstripe-labs/silverstripe-subsites_relatedpages
2013-05-01 12:35:17 +12:00
Sean Harvey
fbddc076b8 Remove underscore from label 2013-04-30 17:53:09 +12:00
Sean Harvey
9658af5cc8 Fixing subsites not working with i18n in SilverStripe 3.1
Tries to access i18n::$likely_subtags directly. Config changes in
3.1 now prevent this from happening and fails.
i18n::get_locale_from_lang() is used instead to provide the locale.
2013-04-30 15:15:11 +12:00
Sean Harvey
397f74a561 Removing underscore from text 2013-04-30 15:08:47 +12:00
Ingo Schommer
82f1d980e8 Merge remote-tracking branch 'origin/0.3'
Conflicts:
	code/SubsiteAdmin.php
	code/extensions/LeftAndMainSubsites.php
	code/extensions/SiteTreeSubsites.php
	code/model/Subsite.php
	composer.json
	javascript/SubsitesTreeDropdownField.js
	lang/en_US.php
	tests/SubsiteAdminTest.php
	tests/SubsiteTest.php
	tests/SubsiteTest.yml
	tests/SubsitesVirtualPageTest.php
2013-01-03 21:03:26 +01:00
Mateusz Uzdowski
2488489e22 BUG Switch the subsite on GET parameter only.
This fixes the bug where creating the top level pages is broken whenever
subsites module is installed. This is because the SubsiteID is
explicitly specified on AddForm POST submission, which incorrectly
triggers a redirect from LeftAndMainSubsites::init and the form action
never has a chance to execute.

Also do not look at POST when checking for the current subsite ID.
2012-10-26 11:53:40 +13:00
Sean Harvey
d4faeac98f Merge branch 'master' of git://github.com/halkyon/silverstripe-subsites into halkyon-master 2012-10-12 15:09:38 +13:00
Sean Harvey
89c6382101 Remove adminSearchFields which is never used and causes a test failure 2012-10-12 12:54:18 +13:00
Sean Harvey
488ea71c45 Removing unnecessary end PHP tags from subsites code 2012-10-12 11:08:24 +13:00
Sean Harvey
d4df26db72 BUG Fixing correct URL location to pages 2012-10-10 13:49:08 +13:00
Kirk Mayo
e7c5dd5d93 BUG: Fixing creating subsites from templates trac/7318 2012-07-18 12:21:35 +12:00
Kirk Mayo
c345f6fcc5 BUG: Coding convention fixes
BUG: more coding convention fixing
2012-07-16 11:44:54 +12:00
UndefinedOffset
ef4d539a12 BUG: Merged patch from kmayo however re-added some of the removed fields since they really should appear on the Main Content tab instead of the Metadata tab.
Fixed a few missed strict errors

Applied patch from kmayo to fix issues with SubsiteAdminTest.php

Fixed issue causing the url segments of subsites created from a template to add -2 to the end

Fixed undefined method TotalItems() on datalist for the SubsiteTest

Fixed failure on SubsiteTest because DataObject::get_one() now returns boolean false instead of null when no result is found

Fixed failure on SubsitesVirtualPageTest caused by Versioned::get_one_by_stage() returning null instead of false

Fixed failure caused by the contact-us page existing on subsite 2

Merged another patch from kmayo

Force main site to be on, for some reason it gets hidden in some cases i.e. refreshing the cms while editing a page
2012-07-16 11:21:54 +12:00
UndefinedOffset
598b0253f5 BUG: Coding convention updates 2012-07-16 11:21:30 +12:00
Ed
c9d3a1f854 BUG: More SS 3.0 modifications
Fixes for SS 3.0 beta 3

Fixed compatibility issues with ss3.0 rc1

fixed potential issue caused by the from array format changing in 3.0

Fixed strict standards warnings

Fixed strict notice "Only variables should be passed by reference"

Fixed strict notice "Only variables should be passed by reference"

Fixed strict notice caused by SubsiteAdmin not declaring all of the properties for getCMSFields()

Made Subsite::accessible_sites() static

Fixed issue caused when trying to add a domain before saving for the first time

Fixed undefined property ParentID
2012-07-16 11:21:24 +12:00
Ed
2ef72b374c BUG: Modifying the module to work with SS 3.0
Replaced deprecated DataObjectDecorator with DataExtension

Fixed hard crashes in the cms

Updated to support new LeftAndMain template structure

Made the subsites model admin functional

Moved the LeftAndMain_Menu template up a directory so it overrides the core

Fixed some errors caused by changes to the framework

Re-organized the code folder

Fixed permission issue causing to default to first subsite regardless if it is the default or not

Fixed crashes on the subsite virtual page when creating/editing

Removed toDropdownMap() calls replacing with map()

Fixed the URLSegment field on subsites

Fixed error when detecting subsite for a domain

Improved styles on the subsite dropdown

Updated LeftAndMain_Subsites.js to work with jQuery entwine

Started porting the SubsitesTreeDropdownField.js to use jQuery entwine and work with the new TreeDropdownField.js

Fixed issue causing crash when viewing a page that is linked to by a subsite virtual page

Removed unused methods on SubsitesTreeDropdownField.js

Re-added classes that were moved

Fixed hard crash after saving caused by the many_many definition on SiteTreeSubsites

Replaced deprecated DataObjectSet creation with ArrayList

Compatibility fixes with SS 3.0 beta 2

Fixed crash in cms caused by no parameter being passed to the SubsiteReportWrapper constructor

Proper fix for report wrapper

Removed table list field in favor of a basic grid field

Fixed updateCMSFields() for file subsites

Migrated translations to yml

Fixed issue causing the current page to not get cleared when changing subsites in the cms

Fixed virtual page icon

Fixed language files issue
2012-07-16 11:18:38 +12:00