5148 Commits

Author SHA1 Message Date
Luke Towers
c9df45a87d Fixed typo 2019-11-06 16:55:16 -06:00
Ben Thomson
e97057246a
Fix empty Richeditor class lists from breaking widget (#4725) 2019-11-06 17:44:46 +08:00
Samuel Georges
8da798a5cd Remove XSRF cookie
This was a contentious change is generally a bad idea to blanket all requests with a dependant cookie. We will try something else.

Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
2019-11-04 09:06:05 +11:00
Samuel Georges
c5bd5f0e0a Apply ResponseMaker to backend AJAX and cms.page.display event 2019-11-03 08:02:28 +11:00
Samuel Georges
1df8e72e4a Remove unused import 2019-11-02 19:42:09 +11:00
Samuel Georges
63f65a3f25 Add XSRF to backend, simplify CMS controller run() method
runInternal has been removed because we do not want to blanket our response logic over every single response, only the happy path. This is because it is impossible to remove. So it is better to take the inverted approach, where if you want the CMS' headers in your custom response, add them yourself. This becomes easy via the new makeResponse() method
2019-11-02 19:14:45 +11:00
Samuel Georges
9d120ad66b Add header and cookie support to ResponseMaker 2019-11-02 18:57:32 +11:00
Samuel Georges
ff8f899fbe Move response common functions to ResponseMaker trait 2019-11-02 18:21:22 +11:00
Samuel Georges
f269901d72
Merge pull request #4732 from octobercms/remove_double_middleware
Remove double middleware
2019-11-02 18:06:50 +11:00
Samuel Georges
c0fffc665d
Merge pull request #4731 from octobercms/no_serialize_cookie
No serialize cookie
2019-11-02 18:06:27 +11:00
Samuel Georges
92bd8360b9 Fixes issue where behaviors are not booting 2019-11-02 16:30:33 +11:00
Samuel Georges
f73d8e6d49 Removes double middleware layer
For some reason it was decided to allow October controllers to support Laravel middleware, this has been reverted because it is a convoluted solution that doesn't respect the original architecture. There are other ways to handle middleware requirements

The original use case appeared to be to simply allow backend controllers to inject headers. This is something easily solvable whilst keeping the simple and original workflow
2019-11-02 16:16:32 +11:00
Samuel Georges
b1fa45ee3a Combine common CSRF logic to a trait 2019-11-02 15:15:18 +11:00
Samuel Georges
49d68f0671 Cookies are no longer serialized
Based on update to library 09e859a13e we no longer serialize cookies, so the decrypter no longer needs to apply a serialization layer
2019-11-02 14:52:00 +11:00
Luke Towers
76db3355e6 Merge branch 'develop' of https://github.com/octobercms/october into develop 2019-10-30 08:09:07 -06:00
Luke Towers
959b85f56c Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Jan Boech
cc9b48975d Typo in "Automatically run migrations on login" (#4727)
Credit to @najbo.
2019-10-30 16:57:47 +08:00
Luke Towers
457466c5af Fix typehint 2019-10-29 16:33:49 -06:00
Luke Towers
0de4f1903f
Merge pull request #4720 from octobercms/csrf_fix
Implement XSRF checking for AJAX handlers. Credit to @bennothommo @daftspunk.
2019-10-28 13:37:25 -06:00
Luke Towers
eb4648972f Ensure that the XSRF cookie can always be added to the response, no matter the source of the response 2019-10-28 13:33:07 -06:00
Luke Towers
096ccf875d Implement suggestions from @bennothommo 2019-10-28 12:58:07 -06:00
Samuel Georges
f542ca8e90 Implement XSRF checking for AJAX handlers
Refs #4699
Refs #4701
2019-10-24 20:19:20 +11:00
Ben Thomson
df65861aff Add clear classes for fields (#4706)
Credit to @bennothommo. Added `clear-full`, `clear-left`, and `clear-right` CSS classes that can be used to apply clearfixes to form fields by adding them to the field's `cssClass` property
2019-10-20 15:47:37 -06:00
Luke Towers
fa93781645 Added ability to filter down the permissions presented by the PermissionEditor
You can now specify an array of "availablePermissions" to the PermissionEditor FormWidget that it will use to further down the list of permissions that are up for managment by the current user.
2019-10-15 17:37:59 -06:00
Luke Towers
a69c76116f Added support for mode: switch to the PermissionEditor formwidget 2019-10-15 16:46:02 -06:00
Valentijn Evers
d52c59254a Improved email client support for branded mails (#4663)
Improves compatibility with Outlook mail clients, preventing harsh word breaks. Credit to @vevers.
2019-10-14 15:33:43 +08:00
Luke Towers
5862683a7a
Trigger change event on clearing recordfinder
Fixes #3591.
2019-10-13 06:15:19 -06:00
Luke Towers
9ac292d921
Merge pull request #4690 from pkarecki/master
Credit to @pkarecki
2019-10-11 12:46:01 -06:00
Piotr Karecki
06b7031131
Move prompt to lang
Move default prompt text to i18n file.
2019-10-11 20:12:08 +02:00
Szabó Gergő
04f0b176a4 Improved Hungarian translation (#4682)
Credit to @gergo85
2019-10-11 09:48:21 -06:00
36864
78e4c46e59 Improve Portuguese translation (#4689)
Credit to @36864
2019-10-11 09:47:17 -06:00
nameewgeniy
af571ed918 Update ru/validation.php (#4687)
Credit to @nameewgeniy
2019-10-11 14:59:42 +03:00
Luke Towers
c1fe12f732
Add my GitHub sponsor link
https://github.com/users/LukeTowers/sponsorship
2019-10-11 00:00:33 -06:00
Samuell
348040a4e4 Add permission support for fields, columns and filter scopes (#4520)
Credit to @Samuell1. Fixes #1837.
2019-10-09 16:41:53 -06:00
Luke Towers
e246427463 Provide system.assets.beforeAddAsset event to modify asset attributes
Fixes octobercms/october#4611 (when combined with a PR to https://github.com/heathdutton/cloudflare)
Related: octobercms/october#4092, octobercms/october#3841, octobercms/october#3839
2019-10-09 11:51:06 -06:00
Luke Towers
fa002ce3dd Minor cleanup 2019-10-09 09:44:24 -06:00
Ben Thomson
07d74ebb1b Fix sync command, minor cleanup (#4645)
Fixes #4642, adds some unit testing for the AutoDatasource. Credit to @bennothommo
2019-10-09 08:54:13 -06:00
Luke Towers
96e335aebc
Fix #3415, #4672 (#4674)
Handle child FormWidgets making AJAX requests outside of the repeater's form container. Note that this won't pass on the state of the repeater item as it exists on the webpage because that information won't be sent to the server in an AJAX request sent from outside of the repeater's form container unless the FormWidget sending the orphaned request specifically includes that data in their request, in which case the regular handling will kick in and initialize the widget properly. A discussion should be had whether this fix makes sense to be done in the Repeater FormWidget or if we should force FormWidgets to have the responsibility of initializing their parent repeaters if they're going to be making orphaned AJAX requests.

Should fix #3415, #4672.
Related: octoberrain/test-plugin#78
2019-10-09 08:08:21 -06:00
Alwin Drenth
b2dcd3c9fd Update Dutch (NL_nl) translation (#4676)
Credit to @adrenth
2019-10-09 13:08:31 +03:00
Luke Towers
06ba8c712f
Trigger the change.oc.formwidget event on update of records through relationcontroller. (#4673)
Fixes #4625. Credit to @danielbidala for the initial report and proposed fix.
2019-10-08 17:30:02 -06:00
gaabora
773f266373 Allow for URL parameter to be zero (#4657)
The `empty()` check previously disallowed string zeroes from being used.

Credit to @gaabora.
2019-10-08 09:04:52 +08:00
Ben Thomson
970cc4550c
Improve internal docs for DataTable callback handler
- Changes parameters to match their intended data.
- Updates docblock
- Minor code cleanup

Refs: https://github.com/octobercms/october/issues/4664#issuecomment-539028664
2019-10-07 22:19:13 +08:00
Ben Thomson
6099312c0d
Disable CSRF in unit tests 2019-10-07 14:13:02 +08:00
Luke Towers
c87e6545a9 Use form_ajax in the demo component instead of hardcoded form tags 2019-10-06 23:44:13 -06:00
Damien MATHIEU
f09c05d31b Update French translations (#4668)
Credit to @damsfx
2019-10-06 23:26:15 -06:00
Luke Towers
d31006ae1a Return 403 response on CSRF fail instead of silently failing
Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes
2019-10-06 23:21:08 -06:00
Burak Özdemir
64d02b77cc Added Mailgun endpoint to services config (#4667)
Fixes #3846. Credit to @ozdemirburak.
2019-10-06 19:27:10 -06:00
Luke Towers
17f3c6f74b Added 'email' field type 2019-10-06 16:15:29 -06:00
Luke Towers
ad35d83323 Fix styling for switch fields that are required 2019-10-06 12:24:32 -06:00
Luke Towers
3b74a8f248 Add support for inline-options to radio field 2019-10-06 08:15:36 -06:00