1193 Commits

Author SHA1 Message Date
Samuel Georges
c5bd5f0e0a Apply ResponseMaker to backend AJAX and cms.page.display event 2019-11-03 08:02:28 +11:00
Samuel Georges
1df8e72e4a Remove unused import 2019-11-02 19:42:09 +11:00
Samuel Georges
63f65a3f25 Add XSRF to backend, simplify CMS controller run() method
runInternal has been removed because we do not want to blanket our response logic over every single response, only the happy path. This is because it is impossible to remove. So it is better to take the inverted approach, where if you want the CMS' headers in your custom response, add them yourself. This becomes easy via the new makeResponse() method
2019-11-02 19:14:45 +11:00
Samuel Georges
ff8f899fbe Move response common functions to ResponseMaker trait 2019-11-02 18:21:22 +11:00
Samuel Georges
b1fa45ee3a Combine common CSRF logic to a trait 2019-11-02 15:15:18 +11:00
Samuel Georges
49d68f0671 Cookies are no longer serialized
Based on update to library 09e859a13e we no longer serialize cookies, so the decrypter no longer needs to apply a serialization layer
2019-11-02 14:52:00 +11:00
Luke Towers
959b85f56c Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Luke Towers
457466c5af Fix typehint 2019-10-29 16:33:49 -06:00
Luke Towers
eb4648972f Ensure that the XSRF cookie can always be added to the response, no matter the source of the response 2019-10-28 13:33:07 -06:00
Luke Towers
096ccf875d Implement suggestions from @bennothommo 2019-10-28 12:58:07 -06:00
Samuel Georges
f542ca8e90 Implement XSRF checking for AJAX handlers
Refs #4699
Refs #4701
2019-10-24 20:19:20 +11:00
Alwin Drenth
b2dcd3c9fd Update Dutch (NL_nl) translation (#4676)
Credit to @adrenth
2019-10-09 13:08:31 +03:00
gaabora
773f266373 Allow for URL parameter to be zero (#4657)
The `empty()` check previously disallowed string zeroes from being used.

Credit to @gaabora.
2019-10-08 09:04:52 +08:00
Luke Towers
d31006ae1a Return 403 response on CSRF fail instead of silently failing
Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes
2019-10-06 23:21:08 -06:00
Samuel Georges
c23d671f91 New templates must have a unique widget alias 2019-09-30 20:17:02 +10:00
罗光盛
c19ccb4f60 Update zh-cn backend translations (#4635)
Credit to @everyx.
2019-09-26 12:38:22 +08:00
Vojta Svoboda
bafd057f8c Optimize theme recognition (#3220)
Credit to @vojtasvoboda. Will avoid asking the database for the currently active theme if there is only one theme present and its code matches the code set in cms.activeTheme
2019-09-25 12:26:54 -06:00
Samuell
33d149fe1a Replace caching of Theme config with generic YAML caching (#4526)
Credit to @Samuell1. Fixes issues related to complexity of the existing approach / cache invalidation by just using the caching built in to YAML::parseFile().
2019-09-25 11:36:35 -06:00
Dan Harrin
7b8fecaa51 Replace use of parseJSON with JSON.parse (#4517)
Credit to @DanHarrin
2019-09-14 06:25:18 -06:00
Samuel Georges
3212fc5b35 Merge pull request #4503 from ghost/role-form
Add role-form to all forms
2019-09-10 17:55:40 +10:00
Ben Thomson
0240c21af6 Fail CSRF token checks if the session expires. (#4598)
Fixes #4595. Credit to @bennothommo
2019-09-04 21:33:10 -06:00
Ben Thomson
5723cd4b2a Match save method signature in Theme Export/Import 2019-09-05 10:58:22 +08:00
Ayumi Hamasaki
6942e38615 Remove the IE5 - IE7 Holly Hack support (#4594)
Credit to @ayumihamsaki
2019-09-04 09:32:29 -06:00
Dan Harrin
9521dd795c Minor Formatting Corrections in Usage Comments (#4541)
Credit to @DanHarrin
2019-08-15 09:14:54 -06:00
Dan Harrin
188c565d69 Hide active theme's Delete button (#4528)
Credit to @DanHarrin.
2019-08-15 11:42:25 +08:00
Dan Harrin
4434808549 Remove theme data on theme deletion (#4529)
Credit to @DanHarrin. Fixes #1292.
2019-08-15 11:41:03 +08:00
Dan Harrin
967fd02d8c Fix minor spelling errors and inconsistencies (#4543)
Credit to @DanHarrin.
2019-08-15 11:39:26 +08:00
Dan Harrin
67c9decb20 Standardise use of [] vs array() (#4548)
Credit to @DanHarrin
2019-08-14 20:46:36 -06:00
RickAcb
0383af6282 Update __isset function to comply with the same checks as __get (#4514)
Credit to @RickAcb.
2019-08-04 19:56:15 +08:00
Ayumi Hamasaki
432dd5d91a Add role-form to all forms 2019-07-31 15:46:20 +01:00
Luke Towers
99777f5977 Fix issue with AJAX framework load order on the frontend.
Partially reverts f4e50ddd1a in response to https://github.com/octobercms/october/pull/4285#issuecomment-513566437. Functionality can be re-added at a later date under an optional parameter added to the {% framework %} tag. Replaces https://github.com/octobercms/october/pull/4469
2019-07-29 16:30:14 -06:00
Anurat Chapanond
02ba765a9e Added Thai translation (#4472)
Credit to @anurat.
2019-07-26 14:52:52 -06:00
Samuell
df81ea182b Remove alert to prevent showing same popup twice (#4470)
Credit to @Samuell1
2019-07-24 12:33:18 -06:00
Luke Towers
1587c7f49c Warn developers to not be silly. Fixes #4466. 2019-07-23 11:17:56 -06:00
Samuell
36c69a063b Add support for tab icons in theme customization (#4464)
Fixes #4131. Credit to @Samuell1
2019-07-21 23:45:30 -06:00
Ben Thomson
a59d3b83eb Code quality clean up (#4449)
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
Ayumi Hamasaki
ae5f1a4282 Clean up output of Twig dump() function (#4460)
Credit to @ayumihamsaki. Fixes #4446.
2019-07-17 22:54:24 -06:00
Kallef Alexandre
94a71ff3da Improved Brazilian Portuguese translations (#4450)
Credit to @prhost
2019-07-13 16:42:43 -06:00
Long Wen
2613141870 Update zh-cn/lang.php file (#4447)
Credit to @wenlong-date.
2019-07-11 17:21:24 +03:00
Luke Towers
e0e951dfcd Disable searching and sorting on any_template
Fixes #4441. Make the new template and old template columns visible and sort by them instead if you need to sort by that column.
2019-07-09 08:38:30 -06:00
Luke Towers
6f583b3920 Disable theme config cache when debug mode enabled 2019-07-08 16:25:25 -06:00
Long Wen
07a852ed8a Fix selection issue for similar-named CMS objects (#4433)
CMS objects with the same name as another object (eg. "test.htm" for a page and "test.htm" for a partial) were unable to be selected (selecting the partial selected the page).

Credit to @wenlong-date.
2019-07-05 16:47:30 +08:00
Ayumi Hamasaki
f4e50ddd1a Add new Performance APIs to October CMS (#4285)
PR adds a new Priority Hints API, Preload API and async to the October CMS AJAX injected code and a new Priority Hints API to the loaded assets in the head section.

Credit to @ayumihamsaki. Related #4277, #4030
2019-06-17 01:17:34 +03:00
Luke Towers
46c867e4b5 Improve API docs
Resolves #4214
2019-06-12 00:33:30 -06:00
Ben Thomson
a777c44cb4 Remove typehints for database template methods.
Instead check the CmsObject class inheritance in the methods. Fixes #4376
2019-06-09 23:33:38 +08:00
Sebastiaan Kloos
f921af4199 Fix menus not being displayed with database templates (#4362)
Credit to @SebastiaanKloos.
2019-06-06 21:05:38 +08:00
Samuel Georges
e7ec0be0c1 Merge pull request #3908 from octobercms/wip/halcyon-db-datasource
Database layer for the CMS objects
2019-06-01 14:28:34 +10:00
Samuel Georges
8c398e7ad5 cms_theme_contents -> cms_theme_templates 2019-06-01 12:45:29 +10:00
Samuel Georges
17cea816d8 enableDatabaseLayer -> databaseTemplates 2019-06-01 12:40:17 +10:00
HOOP Mediaclinic
5055c830e9 Finnish language update (#4177)
* Finnish language update
* Fixed missing ] and added 'scopes'
* Tabs to spaces, removed comma
* Translation file fixes
Removed tabs, fixed indentation
2019-05-03 18:51:44 +03:00