500 Commits

Author SHA1 Message Date
Samuel Georges
1df8e72e4a Remove unused import 2019-11-02 19:42:09 +11:00
Samuel Georges
63f65a3f25 Add XSRF to backend, simplify CMS controller run() method
runInternal has been removed because we do not want to blanket our response logic over every single response, only the happy path. This is because it is impossible to remove. So it is better to take the inverted approach, where if you want the CMS' headers in your custom response, add them yourself. This becomes easy via the new makeResponse() method
2019-11-02 19:14:45 +11:00
Samuel Georges
ff8f899fbe Move response common functions to ResponseMaker trait 2019-11-02 18:21:22 +11:00
Samuel Georges
b1fa45ee3a Combine common CSRF logic to a trait 2019-11-02 15:15:18 +11:00
Samuel Georges
49d68f0671 Cookies are no longer serialized
Based on update to library 09e859a13e we no longer serialize cookies, so the decrypter no longer needs to apply a serialization layer
2019-11-02 14:52:00 +11:00
Luke Towers
959b85f56c Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Luke Towers
457466c5af Fix typehint 2019-10-29 16:33:49 -06:00
Luke Towers
eb4648972f Ensure that the XSRF cookie can always be added to the response, no matter the source of the response 2019-10-28 13:33:07 -06:00
Luke Towers
096ccf875d Implement suggestions from @bennothommo 2019-10-28 12:58:07 -06:00
Samuel Georges
f542ca8e90 Implement XSRF checking for AJAX handlers
Refs #4699
Refs #4701
2019-10-24 20:19:20 +11:00
gaabora
773f266373 Allow for URL parameter to be zero (#4657)
The `empty()` check previously disallowed string zeroes from being used.

Credit to @gaabora.
2019-10-08 09:04:52 +08:00
Luke Towers
d31006ae1a Return 403 response on CSRF fail instead of silently failing
Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes
2019-10-06 23:21:08 -06:00
Vojta Svoboda
bafd057f8c Optimize theme recognition (#3220)
Credit to @vojtasvoboda. Will avoid asking the database for the currently active theme if there is only one theme present and its code matches the code set in cms.activeTheme
2019-09-25 12:26:54 -06:00
Samuell
33d149fe1a Replace caching of Theme config with generic YAML caching (#4526)
Credit to @Samuell1. Fixes issues related to complexity of the existing approach / cache invalidation by just using the caching built in to YAML::parseFile().
2019-09-25 11:36:35 -06:00
Ben Thomson
0240c21af6 Fail CSRF token checks if the session expires. (#4598)
Fixes #4595. Credit to @bennothommo
2019-09-04 21:33:10 -06:00
Dan Harrin
9521dd795c Minor Formatting Corrections in Usage Comments (#4541)
Credit to @DanHarrin
2019-08-15 09:14:54 -06:00
Dan Harrin
4434808549 Remove theme data on theme deletion (#4529)
Credit to @DanHarrin. Fixes #1292.
2019-08-15 11:41:03 +08:00
Dan Harrin
967fd02d8c Fix minor spelling errors and inconsistencies (#4543)
Credit to @DanHarrin.
2019-08-15 11:39:26 +08:00
RickAcb
0383af6282 Update __isset function to comply with the same checks as __get (#4514)
Credit to @RickAcb.
2019-08-04 19:56:15 +08:00
Ben Thomson
a59d3b83eb Code quality clean up (#4449)
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
Luke Towers
6f583b3920 Disable theme config cache when debug mode enabled 2019-07-08 16:25:25 -06:00
Luke Towers
46c867e4b5 Improve API docs
Resolves #4214
2019-06-12 00:33:30 -06:00
Sebastiaan Kloos
f921af4199 Fix menus not being displayed with database templates (#4362)
Credit to @SebastiaanKloos.
2019-06-06 21:05:38 +08:00
Samuel Georges
e7ec0be0c1 Merge pull request #3908 from octobercms/wip/halcyon-db-datasource
Database layer for the CMS objects
2019-06-01 14:28:34 +10:00
Samuel Georges
8c398e7ad5 cms_theme_contents -> cms_theme_templates 2019-06-01 12:45:29 +10:00
Samuel Georges
17cea816d8 enableDatabaseLayer -> databaseTemplates 2019-06-01 12:40:17 +10:00
Samuell
0fdd3c32cb Properly isolate theme's config cache (#4284)
Fixes support for switching between themes. Credit to @Samuell1 and @w20k
2019-04-21 18:16:29 -06:00
Luke Towers
7c7ff31cd6 Return 404 when attempting to access /error directly in production
Replaces #2212
2019-04-19 15:29:00 -06:00
Samuell
a69455d409 Cache the theme config (#4270)
Fixes #4265. Credit to @Samuell1
2019-04-19 10:59:27 -06:00
Ben Thomson
28ac50ab28 Fix for models that don't yet exist
Credit to @bennothommo. Fixes https://github.com/octobercms/october/pull/3908#issuecomment-447291101

Co-Authored-By: LukeTowers <github@luketowers.ca>
2019-04-12 00:13:39 -06:00
Ben Thomson
ab6023f3e9 Fixed typo
Credit to @bennothommo

Co-Authored-By: LukeTowers <github@luketowers.ca>
2019-04-11 23:36:13 -06:00
Luke Towers
630d543959 Merge branch 'develop' into wip/halcyon-db-datasource 2019-04-11 12:30:29 -06:00
Luke Towers
c86bec7f08 Replace deprecated Twig class references, refs: #4209. 2019-03-27 13:15:17 -06:00
Luke Towers
5f78fd4df9 Initial implementation attempt for theme:sync command 2018-12-16 09:43:33 -06:00
Teranode
82a38bdfb6 Add ability to delete asset files (#3933)
Fixes: #3925. Credit to @Teranode
2018-11-28 11:08:39 -06:00
Luke Towers
a4f5e1b96e Finished initial implementation of Commit / Reset buttons 2018-11-23 13:35:51 -06:00
Luke Towers
878bb890b9 Passed the buck to the AutoDatasource to implement pushToSource and removeFromSource, added type hinting to AutoDatasource parameters 2018-11-23 11:28:34 -06:00
Luke Towers
7ebd8b9ffc Implement canCommitTemplate and canResetTemplate checks, added UX for commit / reset buttons (load indicator & success flash messages) 2018-11-23 11:07:36 -06:00
vosco88
2d1a904512 Extend opcache check if it is enabled (#3664)
Credit to @vosco88.
When trying to deploy October on shared hosting (www.websupport.sk) it is possible to receive the following error when accessing the frontend pages - ErrorException: Zend OPcache API is restricted by "restrict_api" configuration directive. This checks not only if the opcache_invalidate exists but also if opcache is enabled. Same check is actually present in twig vendor files - but so far it is working without having the check there.
2018-11-23 09:36:24 -06:00
Luke Towers
f730fc85e1 Fix import statement 2018-11-22 16:54:35 -06:00
Luke Towers
7809f9ada5 Added a Theme::databaseLayerEnabled method to make checking for the db layer easier 2018-11-22 13:41:11 -06:00
Luke Towers
1920d5b4b6 Fix bug where updating records that didn't exist in the DB yet would cause both the original and new records to display 2018-11-22 12:04:41 -06:00
Luke Towers
38fe4af1e6 Fixed minor oversight in delete() method on AutoDatasource 2018-11-15 15:14:05 -06:00
Luke Towers
45bd2654fc Added Meta CmsObject, fixed bug in AutoDatasource 2018-11-14 16:52:46 -06:00
Luke Towers
e622defed1 Initial implementation of insert() and update() on the AutoDatasource 2018-11-06 16:00:27 -06:00
Luke Towers
e5518e0976 Update AutoDatasource->getAvailablePaths implementation to match updated interface 2018-11-06 14:48:47 -06:00
Luke Towers
0efae6dc33 AutoDatasource deletions now occur only on first datasource 2018-11-06 14:38:19 -06:00
Luke Towers
4887519e27 AutoDatasource bug fixes and performance improvements
Properly remove deleted paths from results returned by AutoDatasource->select() and utilize the cache exclusively when only selecting the fileName column preventing calls to the source datasources.
2018-11-06 14:22:05 -06:00
Luke Towers
65e0c9d7b6 Add initial support for deleted paths 2018-11-05 16:02:12 -06:00
Luke Towers
32c7891942 Minor changes 2018-11-05 14:35:58 -06:00