497 Commits

Author SHA1 Message Date
Samuel Georges
b1fa45ee3a Combine common CSRF logic to a trait 2019-11-02 15:15:18 +11:00
Samuel Georges
49d68f0671 Cookies are no longer serialized
Based on update to library 09e859a13e we no longer serialize cookies, so the decrypter no longer needs to apply a serialization layer
2019-11-02 14:52:00 +11:00
Luke Towers
959b85f56c Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Luke Towers
457466c5af Fix typehint 2019-10-29 16:33:49 -06:00
Luke Towers
eb4648972f Ensure that the XSRF cookie can always be added to the response, no matter the source of the response 2019-10-28 13:33:07 -06:00
Luke Towers
096ccf875d Implement suggestions from @bennothommo 2019-10-28 12:58:07 -06:00
Samuel Georges
f542ca8e90 Implement XSRF checking for AJAX handlers
Refs #4699
Refs #4701
2019-10-24 20:19:20 +11:00
gaabora
773f266373 Allow for URL parameter to be zero (#4657)
The `empty()` check previously disallowed string zeroes from being used.

Credit to @gaabora.
2019-10-08 09:04:52 +08:00
Luke Towers
d31006ae1a Return 403 response on CSRF fail instead of silently failing
Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes
2019-10-06 23:21:08 -06:00
Vojta Svoboda
bafd057f8c Optimize theme recognition (#3220)
Credit to @vojtasvoboda. Will avoid asking the database for the currently active theme if there is only one theme present and its code matches the code set in cms.activeTheme
2019-09-25 12:26:54 -06:00
Samuell
33d149fe1a Replace caching of Theme config with generic YAML caching (#4526)
Credit to @Samuell1. Fixes issues related to complexity of the existing approach / cache invalidation by just using the caching built in to YAML::parseFile().
2019-09-25 11:36:35 -06:00
Ben Thomson
0240c21af6 Fail CSRF token checks if the session expires. (#4598)
Fixes #4595. Credit to @bennothommo
2019-09-04 21:33:10 -06:00
Dan Harrin
9521dd795c Minor Formatting Corrections in Usage Comments (#4541)
Credit to @DanHarrin
2019-08-15 09:14:54 -06:00
Dan Harrin
4434808549 Remove theme data on theme deletion (#4529)
Credit to @DanHarrin. Fixes #1292.
2019-08-15 11:41:03 +08:00
Dan Harrin
967fd02d8c Fix minor spelling errors and inconsistencies (#4543)
Credit to @DanHarrin.
2019-08-15 11:39:26 +08:00
RickAcb
0383af6282 Update __isset function to comply with the same checks as __get (#4514)
Credit to @RickAcb.
2019-08-04 19:56:15 +08:00
Ben Thomson
a59d3b83eb Code quality clean up (#4449)
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
Luke Towers
6f583b3920 Disable theme config cache when debug mode enabled 2019-07-08 16:25:25 -06:00
Luke Towers
46c867e4b5 Improve API docs
Resolves #4214
2019-06-12 00:33:30 -06:00
Sebastiaan Kloos
f921af4199 Fix menus not being displayed with database templates (#4362)
Credit to @SebastiaanKloos.
2019-06-06 21:05:38 +08:00
Samuel Georges
e7ec0be0c1 Merge pull request #3908 from octobercms/wip/halcyon-db-datasource
Database layer for the CMS objects
2019-06-01 14:28:34 +10:00
Samuel Georges
8c398e7ad5 cms_theme_contents -> cms_theme_templates 2019-06-01 12:45:29 +10:00
Samuel Georges
17cea816d8 enableDatabaseLayer -> databaseTemplates 2019-06-01 12:40:17 +10:00
Samuell
0fdd3c32cb Properly isolate theme's config cache (#4284)
Fixes support for switching between themes. Credit to @Samuell1 and @w20k
2019-04-21 18:16:29 -06:00
Luke Towers
7c7ff31cd6 Return 404 when attempting to access /error directly in production
Replaces #2212
2019-04-19 15:29:00 -06:00
Samuell
a69455d409 Cache the theme config (#4270)
Fixes #4265. Credit to @Samuell1
2019-04-19 10:59:27 -06:00
Ben Thomson
28ac50ab28 Fix for models that don't yet exist
Credit to @bennothommo. Fixes https://github.com/octobercms/october/pull/3908#issuecomment-447291101

Co-Authored-By: LukeTowers <github@luketowers.ca>
2019-04-12 00:13:39 -06:00
Ben Thomson
ab6023f3e9 Fixed typo
Credit to @bennothommo

Co-Authored-By: LukeTowers <github@luketowers.ca>
2019-04-11 23:36:13 -06:00
Luke Towers
630d543959 Merge branch 'develop' into wip/halcyon-db-datasource 2019-04-11 12:30:29 -06:00
Luke Towers
c86bec7f08 Replace deprecated Twig class references, refs: #4209. 2019-03-27 13:15:17 -06:00
Luke Towers
5f78fd4df9 Initial implementation attempt for theme:sync command 2018-12-16 09:43:33 -06:00
Teranode
82a38bdfb6 Add ability to delete asset files (#3933)
Fixes: #3925. Credit to @Teranode
2018-11-28 11:08:39 -06:00
Luke Towers
a4f5e1b96e Finished initial implementation of Commit / Reset buttons 2018-11-23 13:35:51 -06:00
Luke Towers
878bb890b9 Passed the buck to the AutoDatasource to implement pushToSource and removeFromSource, added type hinting to AutoDatasource parameters 2018-11-23 11:28:34 -06:00
Luke Towers
7ebd8b9ffc Implement canCommitTemplate and canResetTemplate checks, added UX for commit / reset buttons (load indicator & success flash messages) 2018-11-23 11:07:36 -06:00
vosco88
2d1a904512 Extend opcache check if it is enabled (#3664)
Credit to @vosco88. 
When trying to deploy October on shared hosting (www.websupport.sk) it is possible to receive the following error when accessing the frontend pages - ErrorException:> Zend OPcache API is restricted by "restrict_api" configuration directive. This checks not only if the opcache_invalidate exists but also if opcache is enabled. Same check is actually present in twig vendor files - but so far it is working without having the check there.
2018-11-23 09:36:24 -06:00
Luke Towers
f730fc85e1 Fix import statement 2018-11-22 16:54:35 -06:00
Luke Towers
7809f9ada5 Added a Theme::databaseLayerEnabled method to make checking for the db layer easier 2018-11-22 13:41:11 -06:00
Luke Towers
1920d5b4b6 Fix bug where updating records that didn't exist in the DB yet would cause both the original and new records to display 2018-11-22 12:04:41 -06:00
Luke Towers
38fe4af1e6 Fixed minor oversight in delete() method on AutoDatasource 2018-11-15 15:14:05 -06:00
Luke Towers
45bd2654fc Added Meta CmsObject, fixed bug in AutoDatasource 2018-11-14 16:52:46 -06:00
Luke Towers
e622defed1 Initial implementation of insert() and update() on the AutoDatasource 2018-11-06 16:00:27 -06:00
Luke Towers
e5518e0976 Update AutoDatasource->getAvailablePaths implementation to match updated interface 2018-11-06 14:48:47 -06:00
Luke Towers
0efae6dc33 AutoDatasource deletions now occur only on first datasource 2018-11-06 14:38:19 -06:00
Luke Towers
4887519e27 AutoDatasource bug fixes and performance improvements
Properly remove deleted paths from results returned by AutoDatasource->select() and utilize the cache exclusively when only selecting the fileName column preventing calls to the source datasources.
2018-11-06 14:22:05 -06:00
Luke Towers
65e0c9d7b6 Add initial support for deleted paths 2018-11-05 16:02:12 -06:00
Luke Towers
32c7891942 Minor changes 2018-11-05 14:35:58 -06:00
Luke Towers
e14ded4be6 Initial work on the AutoDatasource 2018-11-02 16:04:35 -06:00
Luke Towers
1dc6f944ac Documented cms.router.beforeRoute 2018-10-11 20:31:36 -06:00
Luke Towers
900220b079 Documented more inline events:
cms.page.beforeDisplay
cms.page.display
cms.page.init
cms.page.beforeRenderPage
cms.page.start
cms.page.end
cms.page.postprocess
cms.page.initComponents
cms.page.render
cms.page.beforeRenderPartial
cms.page.renderPartial
cms.page.beforeRenderContent
cms.page.renderContent
2018-10-11 20:10:28 -06:00