NEW Improve Unrestricted Folder warning, bump core requirement to ^4.6 (#965)

Garion Herman 2020-06-09 21:01:09 +12:00 committed by GitHub
parent 447be1049e
commit 14ce51e517
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 10 deletions


@ -5,17 +5,23 @@ namespace SilverStripe\UserForms\Model\EditableFormField;
use SilverStripe\Assets\File; use SilverStripe\Assets\File;
use SilverStripe\Assets\Folder; use SilverStripe\Assets\Folder;
use SilverStripe\Core\Config\Config; use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Convert;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\FileField; use SilverStripe\Forms\FileField;
use SilverStripe\Forms\LiteralField; use SilverStripe\Forms\LiteralField;
use SilverStripe\Forms\NumericField; use SilverStripe\Forms\NumericField;
use SilverStripe\Forms\TreeDropdownField; use SilverStripe\Forms\TreeDropdownField;
use SilverStripe\ORM\ValidationResult; use SilverStripe\ORM\ValidationResult;
use SilverStripe\Security\Member;
use SilverStripe\UserForms\Model\EditableFormField; use SilverStripe\UserForms\Model\EditableFormField;
use SilverStripe\UserForms\Model\Submission\SubmittedFileField; use SilverStripe\UserForms\Model\Submission\SubmittedFileField;
/** /**
* Allows a user to add a field that can be used to upload a file. * Allows a user to add a field that can be used to upload a file.
* *
* @method Folder Folder
* @property int FolderID
* @property float MaxFileSizeMB
* @package userforms * @package userforms
*/ */
class EditableFileField extends EditableFormField class EditableFileField extends EditableFormField
@ -60,14 +66,18 @@ class EditableFileField extends EditableFormField
) )
); );
$fields->addFieldToTab("Root.Main", LiteralField::create( // Warn the user if the folder targeted by this field is not restricted
'FileUploadWarning', if ($this->FolderID && !$this->Folder()->hasRestrictedAccess()) {
'<p class="alert alert-info">' . _t( $fields->addFieldToTab("Root.Main", LiteralField::create(
'SilverStripe\\UserForms\\Model\\UserDefinedForm.FileUploadWarning', 'FileUploadWarning',
'Files uploaded through this field could be publicly accessible if the exact URL is known' '<p class="alert alert-warning">' . _t(
) 'SilverStripe\\UserForms\\Model\\UserDefinedForm.UnrestrictedFileUploadWarning',
. '</p>' 'Access to the current upload folder "{path}" is not restricted. Uploaded files will be publicly accessible if the exact URL is known.',
), 'Type'); ['path' => Convert::raw2att($this->Folder()->Filename)]
)
. '</p>'
), 'Type');
}
$fields->addFieldToTab( $fields->addFieldToTab(
'Root.Main', 'Root.Main',
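Review bot: With the new guard `if ($this->FolderID && !$this->Folder()->hasRestrictedAccess())`, a field that has no folder selected shows no warning at all, whereas the old notice was unconditional. If uploads fall back to a default assets folder when `FolderID` is empty (that path is not visible in this hunk), those files may be just as publicly reachable and the CMS author is no longer told; consider a generic warning for the empty case, or confirm that a folder is always enforced elsewhere. A comment such as `// No warning when FolderID is empty: <state why this is safe>` would at least record the assumption. The path is escaped with `Convert::raw2att()` before it is placed in element content, which looks adequate, though `Convert::raw2xml()` would name the context more precisely. The enclosing method starts and ends outside the hunk.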


@ -31,7 +31,7 @@
], ],
"require": { "require": {
"php": ">=7.1", "php": ">=7.1",
"silverstripe/cms": "^4.0", "silverstripe/cms": "^4.6",
"symbiote/silverstripe-gridfieldextensions": "^3.1", "symbiote/silverstripe-gridfieldextensions": "^3.1",
"silverstripe/segment-field": "^2.0", "silverstripe/segment-field": "^2.0",
"silverstripe/versioned": "^1.0" "silverstripe/versioned": "^1.0"


@ -261,7 +261,7 @@ en:
EMAIL_RECIPIENT_UNSAVED_FORM: 'You will be able to select from valid form fields after saving this record.' EMAIL_RECIPIENT_UNSAVED_FORM: 'You will be able to select from valid form fields after saving this record.'
EmailFromContent: 'The from address allows you to set who the email comes from. On most servers this will need to be set to an email address on the same domain name as your site. For example on yoursite.com the from address may need to be something@yoursite.com. You can however, set any email address you wish as the reply to address.' EmailFromContent: 'The from address allows you to set who the email comes from. On most servers this will need to be set to an email address on the same domain name as your site. For example on yoursite.com the from address may need to be something@yoursite.com. You can however, set any email address you wish as the reply to address.'
FROMADDRESS: 'Send email from' FROMADDRESS: 'Send email from'
FileUploadWarning: 'Files uploaded through this field could be publicly accessible if the exact URL is known' UnrestrictedFileUploadWarning: 'Access to the current upload folder "{path}" is not restricted. Uploaded files will be publicly accessible if the exact URL is known.'
HIDEFORMDATA: 'Hide form data from email?' HIDEFORMDATA: 'Hide form data from email?'
ORSELECTAFIELDTOUSEASFROM: '.. or select a field to use as reply to address' ORSELECTAFIELDTOUSEASFROM: '.. or select a field to use as reply to address'
ORSELECTAFIELDTOUSEASTO: '.. or select a field to use as the to address' ORSELECTAFIELDTOUSEASTO: '.. or select a field to use as the to address'