94 Commits

Author SHA1 Message Date
Luke Towers
d31006ae1a Return 403 response on CSRF fail instead of silently failing
Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes
2019-10-06 23:21:08 -06:00
Ben Thomson
0240c21af6 Fail CSRF token checks if the session expires. (#4598)
Fixes #4595. Credit to @bennothommo
2019-09-04 21:33:10 -06:00
Dan Harrin
9521dd795c Minor Formatting Corrections in Usage Comments (#4541)
Credit to @DanHarrin
2019-08-15 09:14:54 -06:00
Ben Thomson
a59d3b83eb Code quality clean up (#4449)
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
Samuel Georges
5190c8177b Avoid terminating the app using exit() or die()
Refs #3783
Refs #3746
2019-03-29 07:10:07 +11:00
Ben Thomson
a89f1f1c3a Add Closure use declaration (#4170) 2019-02-28 14:54:00 +02:00
Ben Thomson
57a074364e Allow controller middleware in backend controllers (#4106)
Credit to @bennothommo Related: https://github.com/octobercms/october/pull/4088
2019-02-27 14:27:41 -06:00
Luke Towers
d6e680799f Reduce reliance on CMS module from Backend module
added backend 404 view, fixed return to backend URL in the access denied view on backend only instances
2019-01-15 11:46:48 -06:00
Luke Towers
2c82b05062 Added backend.ajax.beforeRunHandler event 2018-10-14 10:32:47 -06:00
Nathan van der Werf
0f0d108da0 Remove unused imports 2018-08-24 19:51:59 +02:00
Nathan van der Werf
a3d7a028b4 Replace is_null with "=== null" comparison 2018-08-15 18:54:46 +02:00
Nathan van der Werf
123145fd54 Remove unnecessary parentheses 2018-08-15 18:49:52 +02:00
Samuel Georges
fb2aa1730c Fixes security issue
Refs #3604
2018-06-22 22:57:38 +10:00
Luke Towers
08d8b33fc6 Whitespace 2018-04-19 10:21:25 -06:00
Samuel Georges
e6de2a5521 Fixes exception on empty token 2017-11-02 19:53:20 +11:00
Luke Towers
c7a3354dfd Move backend.page.beforeDisplay after auth check
Fixes #3215. Related: 47cd204686 (diff-6cdbb280344f40eebe758cf8e8e5f7d9)
2017-10-31 08:45:11 -06:00
Luke Towers
4203e65549 Deprecated Cms\Controllers\Media in favour of the backend one. Fixed other references to moved pieces of the Media Manager. Finally a proper fix for https://github.com/octobercms/october/pull/2604 2017-10-08 23:12:04 -06:00
Samuel Georges
96d0535d09 Add generic onAjax handler that does nothing 2017-07-29 22:55:58 +10:00
Samuel Georges
c0aa03a400 Create an error making trait
Widgets can throw fatal errors too
2017-06-11 22:38:03 +10:00
Samuel Georges
04f89dc5bb getToken -> token 2017-05-20 13:19:51 +10:00
Samuel Georges
7e76f39e6c Add app.name config
Various other refittings
2017-05-16 18:50:41 +10:00
Samuel Georges
015b34fe88 Block media manager entirely if user lacks access 2017-04-11 08:40:39 +10:00
Samuel Georges
5b5e23bfb8 Minor touch up from #2604 2017-01-26 11:30:26 +11:00
Samuel Georges
5e729f9978 Merge pull request #2604 from dubcanada/patch-1
If CMS module is loaded (and MediaManager exists) bind it
2017-01-26 11:27:56 +11:00
dubcanada
0a4390b4d9 If CMS module is loaded (and MediaManager exists) bind it
I am using OctoberCMS without the CMS module (removed from modules directory and turned off in cms.php) and I am getting an error in the backend regarding missing `MediaManager` class. I wrapped this in a class_exists to check that MediaManager exists before binding it.

Let me know your thoughts.
2017-01-10 13:45:59 -04:00
Samuel Georges
6af6ebe733 Added config backendForceSecure used to force HTTPS
Refs https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
2016-12-17 10:16:02 +11:00
Samuel Georges
0a2b343047 Simplify system events
This pipes all event calls through a new EventEmitter trait, which substitutes the October Rain event emitter trait. The view event has been moved to this trait also.
Pass some variables by reference to allow multi-extension.
Fixes #2420
2016-12-10 09:02:06 +11:00
Samuel Georges
6173ff177b Typo in variable name 2016-11-02 08:58:07 +11:00
Samuel Georges
0aadcc6675 Merge paths and vars when calling widget handler
When an AJAX handler is called for a widget, the view paths and specified variables should be merged in to the controller. This sets the appropriate context:

1) Look at the widget first
2) Fall back to the controller

Fixes #2432
2016-11-02 08:50:15 +11:00
soulshockers
e10c162667 Fixed calling dynamic methods for dynamically extended widgets. 2016-08-05 18:51:27 +03:00
Samuel Georges
78a4067564 Make logic more explicit
This tightens up the rules of 7baea87068e496d83d6afd46fccee699779cb2ad
2016-07-23 15:50:48 +10:00
Samuel Georges
7baea87068 Allow AJAX handlers to pipe objects to Laravel
Treat non scalar, non array, non RedirectResponse, non null as a Laravel compatible response
This brings AJAX handlers in line with page cycles, which do the same thing if the response is not a string. However in AJAX we should treat any scalar as a "result", not just a string. For all else (where not null), let Laravel handle it as a custom response object -- could be a model for serialization, or anything compatible.
Important to note: when a custom redirect is sent, October's workflow is completely wiped out, so any partial updates, redirects, etc. will not occur. This is a normal and fair expectation.
Fixes #1784
2016-07-23 11:57:15 +10:00
Samuel Georges
e970d80443 Align AJAX logic: merge custom response last
This is to allow overriding the standard values
Refs #2209
2016-07-16 13:11:10 +10:00
Luke Towers
b73811fefc Moves AJAX handler response handling
Fixes octobercms/october#2208
2016-07-13 09:51:18 -06:00
Samuel Georges
e9be15cc15 Preferences -> Preference
Rename brandsetting config folder
2016-05-27 07:46:50 +10:00
Samuel Georges
cdb35f5070 UserPreferences -> UserPreference
(Models should be singular)
2016-05-27 07:35:32 +10:00
Samuel Georges
6c081d9265 Combine editor preferences and backend preferences
Add backend timezone setting used for converting display dates
2016-04-23 05:31:05 +10:00
Pásztor Gábor
31457bd2ee Cleanup 2016-01-15 10:20:57 +01:00
Samuel Georges
2213c6f28c Fix string comparison function
Flush stray output on view errors
2016-01-02 16:13:30 +11:00
flynsarmy
98e1d0fe4d Add getPublicActions controller method 2015-09-07 14:17:09 +10:00
Samuel Georges
48b4a137fa Allow passing explicit content to hints 2015-07-25 09:34:47 +10:00
Samuel Georges
d453f922dc Improve the hint API, add inset mode to loader 2015-07-25 09:23:34 +10:00
Samuel Georges
fc490b18e9 Add actionUrl() helper to backend controller
Used for generating URLs to the current controller
2015-07-23 19:44:54 +10:00
Samuel Georges
606892143b Added new security config option cms.enableCsrfProtection 2015-07-04 09:31:28 +10:00
Samuel Georges
f9c921a797 Adds getAjaxHandler() API to controllers
Fixes bug where update process fails midway
2015-06-30 08:56:53 +10:00
Samuel Georges
d9dfa21372 Adds CSRF protection to the backend - Refs #105 2015-06-20 21:17:58 +10:00
Samuel Georges
cd1d62d8d7 AJAX requests can only use the POST method 2015-06-20 20:18:58 +10:00
Samuel Georges
9ed73e0cba Updates for new symbolizePath API, requires latest rain lib code
Backend layouts can now be provided by plugins
2015-05-30 15:54:47 +10:00
alekseybobkov
c1740c479c Media Manager: implemented insert link, insert image, and crop and insert features. Minor fixes in October core and third-party JS plugins. 2015-04-11 18:55:02 -07:00
Samuel Georges
77d3ab8b67 Finish basic theme utilities: properties, import/export, duplicate, delete 2015-03-16 19:00:39 +11:00