silverstripe / silverstripe-framework
Silverstripe Framework, the MVC framework that powers Silverstripe CMS
Home Page: https://www.silverstripe.org
License: BSD 3-Clause "New" or "Revised" License
created by: wakeless
assigned to: @sminnee (sminnee)
created at: 2008-08-20
original ticket: http://open.silverstripe.org/ticket/2752
If a subclass of Page/SiteTree overrides getCMSFields like:
    function getCMSFields() {
        $fields = parent::getCMSFields();
        // do stuff with $fields
        return $fields;
    }
updateCMSFields gets called on all extensions before the "do stuff with $fields" section of the code. This interferes with using Translatable for subclasses of Page, for one thing.
created by: doubledotmedia
created at: 2010-09-21
original ticket: http://open.silverstripe.org/ticket/6022
If the core post-rewrite url is hit directly, silverstripe does nothing to correct it.
e.g.
http://silverstripe.org/sapphire/main.php?url=silverstripe-cms
This can cause issues with duplicate content in search engines and means pages can be accessed at URLs which you didn't intend (i.e. I can link to this page http://silverstripe.org/sapphire/main.php?url=silverstripe-cms which will then index it and cause issues within Google).
Need to check and force (301 redirect) to the 'clean' URL, which in the example above would be http://silverstripe.org/silverstripe-cms
Due to some people actually needing this (if they can't use mod_rewrite), this might need a config setting in the _ss_environment file to enable this forced correction.
created by: hamish
assigned to: @ajoneil (aoneil)
created at: 2009-02-10
original ticket: http://open.silverstripe.org/ticket/3525
If the user is logged in, an API GET query for an object will return a DataObjectSet containing the found DataObjects. If the user is not logged in, RestfulServer should return a permission failure. Instead, if the user is logged out, an empty DataObjectSet is returned, with the totalSize attribute. This is dangerous, as it allows logged out users to trawl api-visible objects.
Example with a site I am working on. URL requested is: http://xxxx/api/v1/CompanyObject
If I am logged in as an administrator, this returns:
    <DataObjectSet totalSize="1">
        <CompanyObject href="http://xxxx/api/v1/CompanyObject/1.xml">
            <Name>test0</Name>
            <Address1>test1</Address1>
            <Address2>test2</Address2>
            <Address3>test3</Address3>
            <PostCode>test4</PostCode>
            <ImportKey>999</ImportKey>
            <ID>1</ID>
            <Staff linktype="has_many" href="http://xxxx/api/v1/CompanyObject/1/Staff.xml">
            </Staff>
        </CompanyObject>
    </DataObjectSet>
If I am not logged in, I get:
<DataObjectSet totalSize="1"></DataObjectSet>
''I've come across a few security issues with RestfulService. Suggest a review of how security is maintained in exposed objects''
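The behaviour the ticket asks for, shown as an added example (not RestfulServer's code; ApiMember, ApiRecord and listRecords() are hypothetical stand-ins, and the sample record is constructed): the permission check runs before anything is counted, so a logged-out request gets a permission failure and totalSize only ever reflects records the caller may view.

```php
<?php
/**
 * Added example, not RestfulServer's code. ApiMember, ApiRecord and
 * listRecords() are hypothetical stand-ins for the framework's Member,
 * DataObject and GET handler.
 */
class ApiMember
{
    public $isAdmin;

    public function __construct($isAdmin)
    {
        $this->isAdmin = $isAdmin;
    }
}

class ApiRecord
{
    public $id;
    public $name;

    public function __construct($id, $name)
    {
        $this->id = $id;
        $this->name = $name;
    }

    // Stand-in permission rule: only administrators may view records.
    public function canView($member)
    {
        return $member instanceof ApiMember && $member->isAdmin;
    }
}

/**
 * Returns array(HTTP status, body). $className is assumed to be a trusted
 * class name that is also a valid XML element name.
 */
function listRecords(array $records, $member, $className)
{
    if ($member === null) {
        // Logged out: a permission failure, not an empty set with a count.
        return array(401, 'Authentication required');
    }

    // Filter first, count afterwards, so totalSize cannot reveal how many
    // records exist that this member is not allowed to see.
    $visible = array();
    foreach ($records as $record) {
        if ($record->canView($member)) {
            $visible[] = $record;
        }
    }

    $xml = sprintf('<DataObjectSet totalSize="%d">', count($visible));
    foreach ($visible as $record) {
        $xml .= sprintf(
            '<%1$s><ID>%2$d</ID><Name>%3$s</Name></%1$s>',
            $className,
            $record->id,
            htmlspecialchars($record->name, ENT_QUOTES | ENT_XML1, 'UTF-8')
        );
    }
    return array(200, $xml . '</DataObjectSet>');
}

// Constructed sample data mirroring the ticket's single CompanyObject.
$records = array(new ApiRecord(1, 'test0'));
$callers = array(
    'logged out' => null,
    'non-admin'  => new ApiMember(false),
    'admin'      => new ApiMember(true),
);

foreach ($callers as $label => $member) {
    list($status, $body) = listRecords($records, $member, 'CompanyObject');
    echo $label, ': ', $status, ' ', $body, "\n";
}
```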
created by: nzmkey
created at: 2011-06-06
original ticket: http://open.silverstripe.org/ticket/6655
Summary:
An existing level 1 page that has been moved in draft will change the order of the item in the live menu if another level is published to live.
Test case:
-Create 3 pages in level 1 (PageA, PageB, PageC) and publish to Live
-You should see live menu with 3 items in the following order: PageA, PageB, PageC
-Move PageC as a child of PageB and Save (Do Not Publish)
-You should see draft menu with 2 items: PageA, PageB
-You should see live menu with 3 items: PageA, PageB, PageC
-Publish PageA with no changes
Expected results:
-You should see draft menu with 2 items: PageA, PageB
-You should see live menu with 3 items: PageA, PageB, PageC
Actual Results:
-You should see draft menu with 2 items: PageA, PageB
-You should see live menu with 3 items: PageC, PageA, PageB
I have replicated this in open.silverstripe.org on 7 June 2011
What is stated in the documentation at http://doc.silverstripe.org/framework/en/3.1/topics/i18n#usage-in-template-files doesn't work.
not working...
created by: @chillu (ischommer)
assigned to: @chillu (ischommer)
created at: 2010-07-01
original ticket: http://open.silverstripe.org/ticket/5768
There's 1001 methods in SilverStripe to do logging, debugging and output. Some of them respect CLI mode, others enforce HTML, some of them render differently with Ajax requests. All in all: It's a mess. I would like to make this more consistent, ideally around Zend_Log. We also need to distinguish more clearly between output helpers like Debug::show() and logging (SS_Log::log()).
For the moment, I'm just collecting what we have - it's unclear how this will be solved.
== Context ==
Context should really be handled by the requested Content-Type in the HTTP header. Any CLI scripts should ensure that "text/plain" is set. One use case is dev/build, which can be run through a URL with differently coloured HTML (and a header with linked breadcrumbs), but also on CLI with plaintext output.
== Methods: Output/Log ==
== Methods: Inspection/Debugging ==
created by: toddvalentine
created at: 2011-07-20
original ticket: http://open.silverstripe.org/ticket/6684
I noticed that when I was using the HTML5 'header' tag in my document, Requirements::javascript was including all files twice. It was suggested to me that this might be because the grammar/regex method which adds stuff to the 'head' tag must also be matching the 'header' tag.
created by: gordonbanderson
created at: 2011-04-24
original ticket: http://open.silverstripe.org/ticket/6608
I initially thought this problem was due to memory limitations (90M) on Dreamhost, but I managed to recreate the problem locally.
To recreate the problem:
Nothing appears to happen visually.
When I change the name of the file to say 'fred.jpg' then the upload works
The workaround for the moment is to rename the files as English
created by: @chillu (ischommer)
created at: 2010-05-04
original ticket: http://open.silverstripe.org/ticket/5535
At the moment the ShortcodeParser just applies in HTMLText/HTMLVarchar->forTemplate(). This getter is not used when further processing the output or using an alternative, e.g. through FirstParagraph().
Shortcodes should be respected in all those getters, specifically:
Also, it's unclear why it's limited to HTML fields only - text fields should be able to have shortcodes as well, right? Best example being the bbcode style enforced on BlogEntry.Content.
created by: @chillu (ischommer)
assigned to: @chillu (ischommer)
created at: 2008-11-25
original ticket: http://open.silverstripe.org/ticket/3153
This is a frequently used field with poor code structure, virtually no documentation, and lots of permutations ($source and $value as SQLMap, array, CSV-string, DataObjectSet). Document the different usages and unit test them.
created by: @halkyon (sharvey)
created at: 2010-10-18
original ticket: http://open.silverstripe.org/ticket/6117
When modifying the default value of an "Enum" DBField type in sapphire, the default value never gets fixed when dev/build is called. The reason for this is because MySQL uses enum data types, whereas MSSQL and PostgreSQL use constraints "CHECK" and "IN" keywords to check the values.
This code in particular does not work with MSSQLDatabase or PostgreSQLDatabase, because it assumes the data type will always be an enum.
    } else if($fieldValue != $specValue) {
        // If enums/sets are being modified, then we need to fix existing data in the table.
        // Update any records where the enum is set to a legacy value to be set to the default.
        // One hard-coded exception is SiteTree - the default for this is Page.
        foreach(array('enum','set') as $enumtype) {
            if(preg_match("/^$enumtype/i",$specValue)) {
                $newStr = preg_replace("/(^$enumtype\s*\(')|('$\).*)/i","",$spec_orig);
                $new = preg_split("/'\s*,\s*'/", $newStr);
                $oldStr = preg_replace("/(^$enumtype\s*\(')|('$\).*)/i","", $fieldValue);
                $old = preg_split("/'\s*,\s*'/", $newStr);
                $holder = array();
                foreach($old as $check) {
                    if(!in_array($check, $new)) {
                        $holder[] = $check;
                    }
                }
                if(count($holder)) {
                    $default = explode('default ', $spec_orig);
                    $default = $default[1];
                    if($default == "'SiteTree'") $default = "'Page'";
                    $query = "UPDATE \"$table\" SET $field=$default WHERE $field IN (";
                    for($i=0;$i+1<count($holder);$i++) {
                        $query .= "'{$holder[$i]}', ";
                    }
                    $query .= "'{$holder[$i]}')";
                    DB::query($query);
                    $amount = DB::affectedRows();
                    $this->alterationMessage("Changed $amount rows to default value of field $field (Value: $default)");
                }
            }
        }
        Profiler::mark('alterField');
        $this->transAlterField($table, $field, $spec_orig);
        Profiler::unmark('alterField');
        $this->alterationMessage("Field $table.$field: changed to $specValue <i style=\"color: #AAA\">(from {$fieldValue})</i>","changed");
    }
I think having this work with CHECK and IN clauses would be helpful, as MySQL is the only supported database we have which supports the enum data type and so this is not useful being in the abstract Database class if it doesn't work for other databases.
created by: @chillu (ischommer)
created at: 2009-06-03
original ticket: http://open.silverstripe.org/ticket/4192
This problem pops up when using Database->dontRequireField(). It is basically useless for the first dev/build on a new database, as it tries to list all fields in a table that doesn't exist yet. Tables are created "transactional" using Database->transCreateTable(), but other commands are not transactional:
Create Database->transRenameField() and transRenameTable(), or hook them into transAlterField() etc.
To test this behaviour, please implement the attached patch for Versioned.php. At the moment, certain columns in Versioned are not marked as obsolete, hence continue filling versioned queries with redundant and wrong data (see r78358 for details)
created by: hamish
created at: 2009-11-18
original ticket: http://open.silverstripe.org/ticket/4734
The attached patch contains a new "CompositeSearchFilter" that encapsulates multiple filters to be attached to a single SearchContext filter.
Because search context filters are keyed by their source name (eg "Name"), you cannot easily apply multiple filters to the single source.
This filter will apply the value of the source field to each of its contained filters, returning the modified SQLQuery.
For example, this SearchContext allows the user to search the "Name", "Aliases" and "Number" fields from a single "Reference" field. This is tested and working 'in the wild':
    function getDefaultSearchContext() {
        $fields = new FieldSet(new TextField('Reference'));
        $filters = array(
            'Reference' => $f = new CompositeSearchFilter(
                array(
                    new PartialMatchFilter('Name'),
                    new PartialMatchFilter('Aliases'),
                    new PartialMatchFilter('Number'),
                )
            )
        );
        $context = new SearchContext(
            $this->class,
            $fields,
            $filters
        );
        $context->connective = "OR";
        return $context;
    }
As a follow up, would it be appropriate to extend this class slightly to allow more complex queries with nested ANDs and ORs? At the moment, you are basically stuck with either a universal AND or OR set at the SearchContext level.
CompositeSearchContexts could create empty SQLQueries with either conjunctive or adjunctive filters. On apply($query) they then add their local $query->getFilter() to the passed $query.
Wouldn't be much work to implement and gives ModelAdmin users a lot more power, not to mention more versatile search contexts in general.
Conceptually, for example, the following SearchContext would allow a general filter on Blog posts
    function getDefaultSearchContext() {
        $fields = new FieldSet(
            new TextField('Content'),
            new TextField('Person')
        );
        $filters = array(
            'Content' => new CompositeSearchFilter(
                array(
                    new PartialMatchFilter('Title'),
                    new PartialMatchFilter('Content'),
                    new PartialMatchFilter('Tags'),
                ), "OR"
            ),
            'Person' => new CompositeSearchFilter(
                array(
                    new PartialMatchFilter('Author'),
                    new PartialMatchFilter('Comments.Author')
                ), "OR"
            )
        );
        $context = new SearchContext(
            $this->class,
            $fields,
            $filters
        );
        $context->connective = "AND";
        return $context;
    }
created by: paradigmincarnate
created at: 2011-04-07
original ticket: http://open.silverstripe.org/ticket/6588
SilverStripe uses webserver rules (e.g. .htaccess, mod_rewrite) to put the path into a query parameter named 'url'.
In sapphire/main.php some adjustments are made to this to ensure it's uniform across all web servers.
The fixed/normalised value then resides in $_GET['url']
SilverStripe then goes on to use $_REQUEST['url'] in some places to represent the page url.
This is a problem for 2 reasons.
Surely the easiest way to fix this is to replace all use of $_REQUEST['url'] with $_GET['url'] or SS_HTTPRequest::getUrl()
The url shouldn't come from a query anyway, but should be grabbed from REQUEST_URI since putting it in the query causes all sorts of encode/decode issues.
created by: @chillu (ischommer)
assigned to: trix
created at: 2009-05-25
original ticket: http://open.silverstripe.org/ticket/4126
See #1373 for similar ticket on Date and SSDateTime.
== Features ==
- setLocale() and getLocale()
- setValue() to parse times according to locale
- setValue(): Unix timestamp, ISO 8601 string, or Time DBField
- setOptions() which is passed through to Zend_Date
- validate() method using Zend_Date_Validate->isValid(). Make sure to set locale and format on Zend_Date_Validate whenever passed into the class, e.g. through setLocale(). Use Zend_Date_Validate->setFormat('HH:ii:ss') or similar to provide time only.
== Out of scope ==
created by: taro
created at: 2011-07-06
original ticket: http://open.silverstripe.org/ticket/6676
If I use the ssimage, ssflash, ... the sidebar doesn't work if I use Google Chrome. There is no JS error but the overlaying container (I think it's "Form_EditForm") doesn't shrink, so the image, flash or link-form is not visible.
created by: @sminnee (sminnee)
assigned to: @sminnee (sminnee)
created at: 2008-10-08
original ticket: http://open.silverstripe.org/ticket/2914
= Installer updates =
== Contact ==
== Status ==
Brainstorming
== Motivation ==
== Spec ==
In essence, the installer is responsible for the following things:
=== Installer re-bundling ===
Instead of setting the installer up as a separate package, it should be bundled into the Sapphire package, handled with a controller such as dev/install or dev/update. Obviously, there would be some work needed to ensure that the installer can successfully give a "your system isn't configured properly" line, but there are some techniques that we can follow.
Alternatively, we might have a sapphire/safe-mode.php, which runs a more conservative version of Sapphire.
As an alternative to RootURLController could perform this check: this would mean that if a SilverStripe developer checks out a project, it's going to automatically run db/build the first time they visit the site - could be very cool. You could even have some kind of system where the current svn revision was compared to the svn revision that a database update was last executed on - could be very powerful indeed!
=== _ss_environment.php Management ===
Instead of updating mysite/_config.php, the installer should manage _ss_environment.php. It should let people manage an _ss_environment.php file for a single site, or a shared file for all sites.
The only thing that should be written to mysite/_config.php is the database name, and it should be done in a manner that preserves other content in the file.
=== .htaccess Generation ===
Create a build task that is responsible for generating and/or updating a SilverStripe .htaccess file. This isn't needed just by the installer for 3rd parties; for example, .htaccess updates are required for static caching.
=== Module Manager ===
As part of all this work, a module manager for upgrading and installing modules would be particularly handy. You could use this to upgrade the version of SilverStripe you were using, as well as install modules.
== Results ==
== Plans ==
created by: @halkyon (sharvey)
created at: 2011-04-07
original ticket: http://open.silverstripe.org/ticket/6590
If you combine CSS files at the moment, the combined file is stored in assets by default.
However, any relative URL references to images in CSS are no longer valid, and cause 404s when a page is rendered.
Either we remove the ability to combine CSS or we fix the combiner to rewrite the URLs to the proper base of where the combined file is located.
created by: @chillu (ischommer)
assigned to: @chillu (ischommer)
created at: 2009-05-25
original ticket: http://open.silverstripe.org/ticket/4125
Add Zend_Date as an internal object instance to handle all actual conversion.
== Features ==
- setLocale() and getLocale()
- setValue() to parse dates according to locale
- setValue(): Unix timestamp, ISO 8601 string, or Date DBField
- compare() and equals() which takes a DBField argument (rather than Zend_Date) and passes through current value to Zend_Date
- setOptions() which is passed through to Zend_Date
- NiceUS() and FormatI18n()
- $this->value to use Zend_Date instead of strtotime() etc.
- RangeString()
- $this->value references with $this->getValue().
- Zend_Date->isLater() for InFuture()
- Zend_Date->isEarlier for InPast()
- Zend_Date->isTomorrow(), Zend_Date->isYesterday(), Zend_Date->isLeapYear()
- validate() method using Zend_Date_Validate->isValid(). Make sure to set locale and format on Zend_Date_Validate whenever passed into the class, e.g. through setLocale()
== Out of scope ==
== Optional ==
== Notes ==
created by: paradigmincarnate
created at: 2011-04-12
original ticket: http://open.silverstripe.org/ticket/6597
My code uses FieldSet::insertBefore() to add a field.
A third party changed their code so the other field no longer exists.
My field now isn't inserted at all.
FieldSet::insertBefore() takes 2 parameters. The first is a field to insert, the second is the name of another field before which to insert it.
If a second parameter is passed, and there's no existing field by that name, the first field will not be inserted.
I propose that FieldSet::insertBefore() will always add the field (either first or last) if the "existing field" doesn't exist.
In the alternative, an exception should be thrown to indicate that the "existing field" could not be found.
Any time insertBefore() is called, the developer expects that their field will be inserted. To silently not do so is unintuitive.
created by: nicolaas
created at: 2011-07-19
original ticket: http://open.silverstripe.org/ticket/6683
When I create a new field in a dataobject then I expect the default for the existing records to be set to the default (if a default is defined of course).
    //just added these two lines to my Data Object:
    public static $db = array("MyNewField" => "Varchar");
    public static $defaults = array("MyNewField" => "YYY");
The same thing should perhaps also apply later, when I add a default like this
    //I just added this line
    public static $defaults = array("MyNewField" => "YYY");
that is, if the existing records of the dataobject are NULL or a zero length string then perhaps they should be set to YYY?
created by: burnbright
created at: 2011-05-30
original ticket: http://open.silverstripe.org/ticket/6649
The is_cli function on Director.php only functions correctly when php_sapi_name() returns 'cli', however some setups run cron jobs with 'cgi-fcgi', causing the function to return false.
The execution will therefore act as a web-based rather than command-line, resulting in html output of the security login page being returned to the cron output.
created by: @chillu (ischommer)
assigned to: @sminnee (sminnee)
created at: 2010-04-15
original ticket: http://open.silverstripe.org/ticket/5415
= Changelog =
API CHANGE Checking for SiteTree->canView() permissions in the cms tree (via LeftAndMain->getSiteTreeFor() and Hierarchy->getChildrenAsUL())
ENHANCEMENT Using SiteTree::can_view_multiple() in SiteTree->canView() (similar to canEdit())
ENHANCEMENT Checking for SiteTree->canView() permissions in LeftAndMain->show()
BUGFIX Don't return false in SiteTree::back_permission_check() automatically if no valid member is passed - the permission might still be granted (e.g. for SiteTree->canView())
BUGFIX Allowing explicitly checking for permissions without current member fallbacks via passing $member=FALSE in SiteTree->canView()/canEdit()
BUGFIX Passing $globalPermission and $useCached parameters to recursive calls in SiteTree::back_permission_check()
BUGFIX Checking for can_view_multiple() in SiteTree::can_edit_multiple() - if view permissions are declined, we assume edit permissions are denied automatically as well (this was a regression from canEdit() behaviour prior to the batch permission changes)
= Notes =
created by: [email protected]
created at: 2011-04-19
original ticket: http://open.silverstripe.org/ticket/6605
Text.ContextSummary changes case of the original text. I.e. A search for "John Key" will highlight as "john key". This is a problem with proper names and brand names.
The search term should be highlighted without changing the inner text.
created by: @chillu (ischommer)
assigned to: @kmayo-ss (kmayo)
created at: 2009-03-09
original ticket: http://open.silverstripe.org/ticket/3684
This is an interesting one, raised by one of our partners: you can redirect to different internal URLs by using the "url" GET parameter.
Example (works on standard installation): /about-us/?url=contact-us
will show the "contact-us" page, not "about-us". This has several implications:
I would suggest to limit parsing of the ?url parameter to scenarios where REQUEST_URI starts with /sapphire/main.php
@sam: Thoughts? How does this get influenced by your work on URLs without mod-rewrite (index.php/about-us)?
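The restriction suggested above, combined with the point in ticket 6588 about reading $_GET rather than $_REQUEST, shown as an added example (not code from sapphire/main.php; resolveRequestedPath() and the sample requests are assumptions, and the site is assumed to sit at the web root):

```php
<?php
/**
 * Added example, not code from sapphire/main.php. resolveRequestedPath() is a
 * hypothetical helper; it assumes the site is installed at the web root.
 */
function resolveRequestedPath(array $server, array $get): string
{
    $requestUri = isset($server['REQUEST_URI']) ? (string) $server['REQUEST_URI'] : '/';

    // Split off the query string by hand; only the path part decides the mode.
    $queryStart = strpos($requestUri, '?');
    $path = $queryStart === false ? $requestUri : substr($requestUri, 0, $queryStart);

    // A direct hit on the front controller (no mod_rewrite) is the only case
    // in which ?url= may name the page. Read it from the query string ($get),
    // not from $_REQUEST, which can also carry POST and cookie values.
    if (strpos($path, '/sapphire/main.php') === 0) {
        $url = (isset($get['url']) && is_string($get['url'])) ? $get['url'] : '';
        return trim($url, '/');
    }

    // Rewritten request: the path the client asked for is authoritative, and
    // a url parameter appended by the visitor is ignored.
    return trim(rawurldecode($path), '/');
}

// Constructed requests: REQUEST_URI as sent by the client, and the url value
// PHP ends up with after the rewrite rule has added its own url= parameter.
$requests = array(
    array('/about-us/?url=contact-us', 'contact-us'),
    array('/about-us/', 'about-us'),
    array('/sapphire/main.php?url=silverstripe-cms', 'silverstripe-cms'),
);

foreach ($requests as $request) {
    list($requestUri, $urlParam) = $request;
    $page = resolveRequestedPath(
        array('REQUEST_URI' => $requestUri),
        array('url' => $urlParam)
    );
    printf("%-45s -> %s\n", $requestUri, $page);
}
```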
created by: samthejarvis
created at: 2011-06-07
original ticket: http://open.silverstripe.org/ticket/6657
If you put nothing in the search box, you get a MySQL error.
created by: @MarcusDalgren (smurkas)
created at: 2009-09-04
original ticket: http://open.silverstripe.org/ticket/4546
Currently the code for figuring out the table name from the belongs_many_many side (line 26 to 31) returns an incorrect table name.
Since the name of the joining table is defined by the many_many class the belongs_many_many class will have to look up its related class and then check the relationship again from that end to determine the table name.
This is of course doable but a simpler solution would be to change the naming convention for joining tables. Right now a joining table gets the name of the many_many class + _ + whatever the developer decides to call the connection to the belongs_many_many class. The simple solution here would be to simply name the joining table to many_many class + _ + belongs_many_many class.
That way figuring out the name of the joining table would be less of a hassle. If this breaks too much/isn't feasible then I have a patch for the first solution I proposed.
created by: @chillu (ischommer)
assigned to: hfried
created at: 2010-07-11
original ticket: http://open.silverstripe.org/ticket/5807
Currently it's too complicated to invalidate partial caches in templates (you basically have to comment out the <% cache %> part). I've talked to Hamish a while ago, we think it'd be more intuitive to invalidate caches on ?flush=all as well (it roughly fits in the "clear template cache" thinking). This has to be limited to ADMIN access of course, to avoid denial of service attacks.
created by: @oddnoc (fcondo)
created at: 2011-04-06
original ticket: http://open.silverstripe.org/ticket/6586
If a form has a SelectionGroup, the JS for RequiredFields throws an error:
$("''some_form_id''").validate is not a function
This can be corrected by also loading jquery_improvements.js
created by: @chillu (ischommer)
created at: 2009-03-09
original ticket: http://open.silverstripe.org/ticket/3686
Turn SSViewer into a facade for different backends (similar to Requirements class).
Template engines should be selectable by "site mode" - as the CMS backend will most likely stay in standard SSViewer syntax, while the frontend templates are exchangeable.
Each template engine would register one or more file extensions (.ss=SSViewer,.tpl=Smarty). This is a necessary convention to avoid confusion in any "autodetection" and fallbacks.
Ideally, templates would fall back to the "default implementation" (SSViewer) - otherwise it's hard to use templates from external modules - e.g. a website might render Page.ss in Smarty, but include BlogHolder->TagCloud(), which renders TagCloud.ss via SSViewer.
Some requirements for the facade:
How about naming this facade View, and keeping SSViewer as a specific renderer implementation? We would need to pass SSViewer::process(), ::current_theme() etc. through to the new View implementation though for legacy reasons, which might be more trouble than it's worth...
created by: omarkohl
created at: 2011-04-11
original ticket: http://open.silverstripe.org/ticket/6594
In the Text class (sapphire/core/model/fieldtypes/Text.php) the function ContextSummary handles UTF-8 characters such as German umlauts wrongly when those characters belong to words that get cut in half (because of the length of the context).
For example with $characters = 10 and searching for string 'abc' in this content 'abc def ghijkl' the result is 'abc def gh?'.
My fix is changing line 292 from:
    $summary = substr($text, $position, $characters);
to:
    $summary = utf8_encode(substr(utf8_decode($text), $position, $characters));
created by: @chillu (ischommer)
created at: 2011-03-21
original ticket: http://open.silverstripe.org/ticket/6534
Given that you can trigger a sync() from the UI (button at bottom left of AssetAdmin), this means a normal user action can cause PHP to exceed its memory, or in the worst case bring down a server running out of memory when having a couple of thousand pages.
Rewrite to either find affected pages for link/image tracking, or iterate through sitetree in batches for ~100. This will most likely be eased by the ORM rewrite in 3.0, but would still create/cache large in memory footprints - so really we need to avoid a full DataObject::get().
created by: swaiba
created at: 2011-04-04
original ticket: http://open.silverstripe.org/ticket/6581
In DataObject function dbObject, the first test looks for the item within the "record". Shouldn't it look within the "db"?
I've added a temporary DataObject field to a DataObject in the controller before being used in the template. This then throws an error in DataObject->hasValue, as dbObject returns the object instead of null and then calls hasValue on the object itself - which in this case, because it's a custom created DataObject, errors.
dataobject...
    class MyObj extends DataObject {
        static $db = array('Name'=>'Text');
    }
controller...
    function MyObjs() {
        $dos = DataObject::get('MyObj');
        if ($dos) foreach ($dos as $do) {
            $doNew = new DataObject();
            $doNew->NewDataString = 'stuff';
            $do->NewData = $doNew;
        }
        // return the set so the template can iterate over it
        return $dos;
    }
template...
    <% control MyObjs %>
    <% if NewData %><% control NewData %> <-- error occurs here
    $NewDataString
    <% end_if %><% end_control %>
    <% end_control %>
created by: @chillu (ischommer)
created at: 2009-04-23
original ticket: http://open.silverstripe.org/ticket/3911
See test below, which is currently failing. When changing the ClassName of an existing record to a new class with more fields (and hence sub-tables), no row is created for the record in the new tables. It is only created when actual rows are written for this record.
DataObjectTest.php
    function testClassNameChangeCreatesNewTables() {
        // create original
        $orig = new DataObjectTest_Team();
        $orig->write();
        $origID = $orig->ID;
        // change page type to subclass with new database fields
        $orig->ClassName = 'DataObjectTest_SubTeam';
        // save without changing any subclass-specific fields
        // (which would trigger creation of the database row in the subclass table)
        $_REQUEST['showqueries'] = 1;
        //$orig->forceChange();
        $orig->write();
        // Getting a new record, to give the ORM a chance to initialize it properly
        // querying parent class, but testing subclass later on
        $new = DataObject::get_by_id('DataObjectTest_SubTeam', $origID);
        $this->assertNotNull($new);
        $this->assertEquals(
            DB::query(sprintf('SELECT "ID" FROM "DataObjectTest_SubTeam" WHERE "ID" = %d', $origID))->column(),
            array($origID),
            'Row in sub-table is created even if all values are NULL after changing the class name'
        );
    }
created by: Simon
created at: 2011-04-19
original ticket: http://open.silverstripe.org/ticket/6604
The AjaxUniqueTextField.php does not keep in mind its current page/object. If you want to change a value on a page or dataobject, it will return an error, even though the value is unique.
I've added the check on current ID, so it'll ignore itself. This way, the check is actually on if it is unique.
http://sspaste.com/paste/show/4dad640063ad0
In this little change, the $this->ID needs to be in the AjaxUniqueTextField call at position 5.
Becoming:
new AjaxUniqueTextField($name, $title, $restrictedField, $restrictedTable, $id, $value, $maxLength, $validationURL, $restrictedRegex)
It could probably be done better, but it works.
created by: @chillu (ischommer)
assigned to: @sminnee (sminnee)
created at: 2008-11-09
original ticket: http://open.silverstripe.org/ticket/3043
Ingo: canView() doesn't seem to make sense in a File/Folder context as you can view those items through a URL without sapphire intervention.
Sam: It would be good to have an execution mode for the site where all assets/* URLs were mediated by sapphire - you could do that with another URL-rewriting rule...
    RewriteCond %{REQUEST_URI} ^(assets/.*)$
    RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
created by: employboy
created at: 2011-04-05
original ticket: http://open.silverstripe.org/ticket/6584
LINE 92 OF CheckboxSetField.php WHERE else is reached
    if(is_a($values, 'DataObjectSet') || is_array($values)) {
        $items = $values;
    } else {
        $items = explode(',', $values);
        $items = str_replace('{comma}', ',', $items);
    }
What's happening here is that when the else is reached then $items are exploded whether $items is empty or not, or null for that matter. When using explode in PHP (I don't know, this may depend on the install) even empty items when exploded result in an array with an empty value. This registers as an empty value if you have 0 as item in the source, resulting in 'checked="checked"' for the item.
My suggested fix would be:
    if(is_a($values, 'DataObjectSet') || is_array($values)) {
        $items = $values;
    } else {
        if($values == null){
            $items = array();
        }else{
            $items = explode(',', $values);
            $items = str_replace('{comma}', ',', $items);
        }
    }
created by: @chillu (ischommer)
created at: 2009-03-17
original ticket: http://open.silverstripe.org/ticket/3734
See http://www.phpro.org/tutorials/PHP-Security.html http://open.silverstripe.org/ticket/4
The underlying classes in Mailer.php seem to be vulnerable to this when working with $customheaders. I think stripping newlines in processHeaders() is enough to prevent this, right?
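Stripping line breaks from custom headers, as proposed above, shown as an added example (not the code in Mailer.php; sanitizeMailHeaders(), buildHeaderBlock() and the sample header values are assumptions):

```php
<?php
/**
 * Added example, not Silverstripe's Mailer.php. sanitizeMailHeaders() is a
 * hypothetical helper showing the effect of stripping newlines from custom
 * headers before they are joined into the header block.
 */
function sanitizeMailHeaders(array $customHeaders): array
{
    $clean = array();
    foreach ($customHeaders as $name => $value) {
        // A field name is printable ASCII without ":" (RFC 5322 field-name).
        if (!preg_match('/^[\x21-\x39\x3B-\x7E]+$/', (string) $name)) {
            continue; // drop the header instead of trying to repair its name
        }
        // Remove CR, LF and NUL so a value cannot end the current header line
        // and start a new header or the message body.
        $value = str_replace(array("\r", "\n", "\0"), '', (string) $value);
        $clean[$name] = trim($value);
    }
    return $clean;
}

// Joins headers the way a mailer hands them to the transport: one per line,
// separated by CRLF.
function buildHeaderBlock(array $headers): string
{
    $lines = array();
    foreach ($headers as $name => $value) {
        $lines[] = $name . ': ' . $value;
    }
    return implode("\r\n", $lines);
}

// Constructed sample: one value and one name contain a CRLF, so each would
// occupy two header lines if passed through unchanged.
$customHeaders = array(
    'Reply-To'      => "visitor@example.com\r\nX-Injected: 1",
    'X-Mailer'      => 'Example site',
    "X-Bad\r\nName" => 'value',
);

$raw  = buildHeaderBlock($customHeaders);
$safe = buildHeaderBlock(sanitizeMailHeaders($customHeaders));

echo 'Header lines without stripping: ', count(explode("\r\n", $raw)), "\n";
echo 'Header lines with stripping:    ', count(explode("\r\n", $safe)), "\n";
echo $safe, "\n";
```

The same treatment applies to any other value that ends up in the header block, such as the subject and address fields.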
created by: nicolaas
created at: 2011-06-25
original ticket: http://open.silverstripe.org/ticket/6670
I got a strange error - I installed a new project and I could not save it... on the live server I got: out of memory; on my dev server I got - out of time (30 seconds).
Check out this code in SiteTree.php
    // Ensure that this object has a non-conflicting URLSegment value.
    $count = 2;
    while(!$this->validURLSegment()) {
        $this->URLSegment = preg_replace('/-[0-9]+$/', null, $this->URLSegment) . '-' . $count;
        $count++;
    }
If the function validURLSegment always returns false then it keeps going up and up.
The reason I got this error:
    Object::add_extension('ContentController', 'BrowseBusinessDecorator_Controller');
    class BrowseBusinessDecorator_Controller extends Extension {
        static $allowed_actions = array(
            "createnewbusinesslistingfrompoint" => true
        );
    }
As soon as I removed
I recommend we at least have a check on the loop in sitetree, so that it stops counting after 100 pages or something.... Otherwise you can not even run /dev/build/ (in case any pages are written).
created by: @chillu (ischommer)
created at: 2010-09-19
original ticket: http://open.silverstripe.org/ticket/6013
Should also fall back to using Zend_Locale on Nice() if no format override is defined, rather than hardcoding 'd/m/Y'. Once that's implemented, we can also deprecate locale-specific stuff like NiceUS().
created by: @chillu (ischommer)
created at: 2009-03-20
original ticket: http://open.silverstripe.org/ticket/3746
Followup on http://www.silverstripe.org/migrating-a-site-to-silverstripe/show/256159?start=0#post256720
We use UTF-8 for internal storage and output, but use non-multibyte-safe methods to process them in between, which can lead to problems. Best example: strlen() will give you wrong lengths on a multibyte string.
Nice summary of the problem scope and solutions:
http://www.nicknettleton.com/zine/php/php-utf-8-cheatsheet
Some points to fix:
Additional reads about UTF-8 handling in PHP5 on PHPWACT:
created by: @halkyon (sharvey)
assigned to: @halkyon (sharvey)
created at: 2010-12-15
original ticket: http://open.silverstripe.org/ticket/6269
Uploads are not viewable directly in the URL, causing TinyMCE to show a broken image when you insert a new image.
Steps to reproduce:
PHP is able to create the file with the correct permissions, but when you view the URL you get a "URL Rewrite Module Error".
Interestingly enough, resampling the file works fine. I've checked permissions and they appear to be correct.
If you remove the section of the web.config file, the file can then be viewed.
However, that doesn't appear to be the cause of the issue.
The cause I can see is that newly uploaded files are missing the IIS_IUSRS group. This essentially means the file wasn't created inside the Uploads folder to inherit the parent permissions, but instead moved directly from temp, where files inherit very limited permissions from the system temp.
Reference: http://silverstripe.org/installing-silverstripe/show/15172#post296738
created by: sdf
created at: 2011-04-26
original ticket: http://open.silverstripe.org/ticket/6611
Trying to run the PHPUnit tests on some platforms in certain configurations will cause a Fatal error to stop any testing from proceeding. The common output is similar to below:
PHP Catchable fatal error: Argument 1 passed to Email::set_mailer() must be an instance of Mailer, null given, called in /mnt/hgfs/OU Annotate/app/www/sapphire/dev/SapphireTest.php on line 368 and defined in /mnt/hgfs/OU Annotate/app/www/sapphire/email/Email.php on line 75
The issue is caused due to the SapphireTest::tearDown() method not doing proper type checking before assigning the old mailer. The patch attached fixes this issue.
created by: neilcreagh
created at: 2011-07-14
original ticket: http://open.silverstripe.org/ticket/6680
Silverstripe is generating a bad HTTP header. The content-type header has quotes around the charset value. For example,
content-type: text/xml; charset="utf-8"
is used when it should be
content-type: text/xml; charset=utf-8
Most modern browsers are lenient and allow the bad header, but Adobe BrowserLab is tripped up by the quotes and will not work for ANY Silverstripe websites.
created by: @chillu (ischommer)
assigned to: @chillu (ischommer)
created at: 2009-01-25
original ticket: http://open.silverstripe.org/ticket/3427
Currently we have our own (procedural SilverStripe 1) code for sending html and plaintext emails. It contains all kinds of funky exceptions and tweaks which are not tested nor understood by many ;) There's also a lot of redundancy (and slight differences) between the plaintext and html implementations. We also see increased demand in sending unicode emails in all kinds of flavours, which increases the scenarios which we most likely haven't tested in full before.
I'd suggest we move to a solid, documented and unit tested Mailer implementation.
Originally I've suggested PHPMailer (http://phpmailer.codeworxtech.com), but its license is incompatible (GPL).
Main candidate is Zend_Mail - http://framework.zend.com/manual/en/zend.mail.html (would fit well with our other use of Zend).
The main task here is to identify which features overlap and what we need to re-implement - which I expect is very little.
We should make the base mailer implementation pluggable, although it might not be feasible to support all potential options through a wrapper (e.g. adding attachments).
Some examples of the weirdness that is the current implementation:
$subjectIsUnicode = (strpos($subject,"&#") !== false);

function QuotedPrintable_encode($quotprint) {
    $quotprint = (string) str_replace('\r\n',chr(13).chr(10),$quotprint);
    $quotprint = (string) str_replace('\n', chr(13).chr(10),$quotprint);
    $quotprint = (string) preg_replace("~([\x01-\x1F\x3D\x7F-\xFF])~e", "sprintf('=%02X', ord('\\1'))", $quotprint);
    //$quotprint = (string) str_replace('\=0D=0A',"=0D=0A",$quotprint);
    $quotprint = (string) str_replace('=0D=0A',"\n",$quotprint);
    $quotprint = (string) str_replace('=0A=0D',"\n",$quotprint);
    $quotprint = (string) str_replace('=0D',"\n",$quotprint);
    $quotprint = (string) str_replace('=0A',"\n",$quotprint);
    return (string) $quotprint;
}
created by: @chillu (ischommer)
created at: 2010-11-25
original ticket: http://open.silverstripe.org/ticket/6232
Followup from http://open.silverstripe.org/ticket/6177
Zend_Currency is a mature library that builds on the Unicode library with a couple of dozen definitions for currency display, formatting, symbols, etc. - see http://framework.zend.com/manual/en/zend.currency.html
It should replace the currently hardcoded formatting in CurrencyField and Currency classes.
created by: @chillu (ischommer)
assigned to: trix
created at: 2009-05-25
original ticket: http://open.silverstripe.org/ticket/4127
See #1373 and #1374 for similar tickets.
Essentially, numbers in their "nice" display have to be formatted according to the locale (decimal and thousands separators).
== Features ==
 * setLocale() and getLocale()
 * setValue() to parse times according to locale
 * setOptions() which is passed through to Zend_Locale
 * Zend_Locale_Format::getNumber() for any formatting in Nice(), Round(), NiceRound(). Replace all calls to number_format()
 * Zend_Locale_Format::isNumber() in setValue() and any other occurrence of is_numeric()
 * requireField()
== Out of scope ==
== Notes ==
created by: @halkyon (sharvey)
assigned to: @halkyon (sharvey)
created at: 2010-07-15
original ticket: http://open.silverstripe.org/ticket/5835
In cms, sapphire, there's an .htaccess file which blocks access to various PHP scripts for security reasons.
IIS is a popular web server, so having a web.config that does the equivalent of this out of the box might be a good idea too.
e.g. http://localhost/ss24/cms/_config.php should not be allowed on IIS.
It's unclear whether IIS supports blocking requests by extension, but there should be some sort of request filtering that could achieve the same effect as the current .htaccess files in the cms and sapphire directories.
created by: lhudson
created at: 2010-04-01
original ticket: http://open.silverstripe.org/ticket/5327
Methods such as the following should be defined (abstract ideally) in SS_Database, partly as a contract for subclasses to fill, partly to inform developers of cross-platform methods.
e.g. These functions should exist across all DB platforms (and should be used more!)
datetimeDifferenceClause($date1, $date2)
datetimeIntervalClause($date1, $interval)
created by: @oddnoc (fcondo)
created at: 2011-04-14
original ticket: http://open.silverstripe.org/ticket/6598
With a very long content field, the shortcode parser silently fails and emits no output. Shortening the content or removing the shortcode (for example, changing a link from internal to external) enables the content to render.