Merge remote-tracking branch 'origin/4'

docs/en/02_Developer_Guides/00_Model/10_Versioning.md

@@ -314,7 +314,7 @@ Note that ownership cannot be used with polymorphic relations. E.g. has_one to n
 #### Unversioned dataobject ownership (4.1 and above)
 
 Ownership can be used with non-versioned dataobjects, as the necessary functionality is included by default
-by the versioned object through the `[api:SilverStripe\Versioned\RecursivePublishable]` extension which is
+by the versioned object through the [`RecursivePublishable`](api:SilverStripe\Versioned\RecursivePublishable) extension which is
 applied to all objects.
 
 However, it is important to note that even when saving un-versioned objects, it is necessary to use
@@ -371,7 +371,7 @@ class MyChild extends DataObject
 
 #### DataObject Ownership in HTML Content
 
-If you are using `[DBHTMLText](api:SilverStripe\ORM\FieldType\DBHTMLText)` or `[DBHTMLVarchar](api:SilverStripe\ORM\FieldType\DBHTMLVarchar)` fields in your `DataObject::$db` definitions,
+If you are using [`DBHTMLText`](api:SilverStripe\ORM\FieldType\DBHTMLText) or [`DBHTMLVarchar`](api:SilverStripe\ORM\FieldType\DBHTMLVarchar) fields in your `DataObject::$db` definitions,
 it's likely that your authors can insert images into those fields via the CMS interface.
 These images are usually considered to be owned by the `DataObject`, and should be published alongside it.
 The ownership relationship is tracked through an `[image]` [shortcode](/developer-guides/extending/shortcodes),
@@ -380,7 +380,7 @@ the shortcode references the database identifier of the `Image` object.
 
 ### Changesets, a.k.a "Campaigns"
 
-Changes to many DataObjects can grouped together using the `ChangeSet` [api:SilverStripe\Versioning\ChangeSet] object, better known by its frontend name, "Campaign" (provided the `campaign-admin` module is installed). By grouping a series of content changes together as one cohesive unit, content editors can bulk publish an entire body of content all at once, which affords them much more power and control over interdependent content types.
+Changes to many DataObjects can grouped together using the [`ChangeSet`](api:SilverStripe\Versioning\ChangeSet) object, better known by its frontend name, "Campaign" (provided the `campaign-admin` module is installed). By grouping a series of content changes together as one cohesive unit, content editors can bulk publish an entire body of content all at once, which affords them much more power and control over interdependent content types.
 
 Records can be added to a changeset in the CMS by using the "Add to campaign" button
 that is available on the edit forms of all pages and files. Programmatically, this is done by creating a `SilverStripe\Versioned\ChangeSet` object and invoking its `addObject(DataObject $record)` method.

docs/en/02_Developer_Guides/02_Controllers/02_Routing.md

@@ -20,7 +20,9 @@ These routes by standard, go into a `routes.yml` file in your applications `_con
 ```yml
 ---
 Name: mysiteroutes
-After: framework/_config/routes#coreroutes
+After:
+  - '#rootroutes'
+  - '#coreroutes'
 ---
 SilverStripe\Control\Director:
   rules:

docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md

@@ -15,6 +15,8 @@ can be accessed via the `Injector`:
 
 ```php
 use SilverStripe\Core\Injector\Injector;
+use Psr\Log\LoggerInterface;
+use SilverStripe\Security\Security;
 
 Injector::inst()->get(LoggerInterface::class)->info('User has logged in: ID #' . Security::getCurrentUser()->ID);
 Injector::inst()->get(LoggerInterface::class)->debug('Query executed: ' . $sql);
@@ -55,7 +57,7 @@ throw new \LogicException("Query failed: " . $sql);
 
 ### Accessing the logger via dependency injection.
 
-It can quite verbose to call `Injector::inst()->get(LoggerInterface::class)` all the time. More importantly,
+It can be quite verbose to call `Injector::inst()->get(LoggerInterface::class)` all the time. More importantly,
 it also means that you're coupling your code to global state, which is a bad design practise. A better
 approach is to use depedency injection to pass the logger in for you. The [Injector](../extending/Injector)
 can help with this. The most straightforward is to specify a `dependencies` config setting, like this:

docs/en/02_Developer_Guides/09_Security/05_Rate_Limiting.md

@@ -44,6 +44,15 @@ Director:
     'MyController//$Action/$ID/$OtherID': '%$MyRateLimitedController'
 ```
 
+Or if you want to apply your middleware to a specific route:
+
+```yml
+SilverStripe\Control\Director:
+  rules:
+    special/section:
+      Controller: %$MyRateLimitedController
+```
+
 ## Applying rate limiting across an entire application
 
 If you'd like to add rate limiting to an entire application (ie: across all routes) then you'll need to define your rate
@@ -69,4 +78,4 @@ Add the following to your config.yml:
 SilverStripe\Control\Director:
   rules:
     'Security//$Action/$ID/$OtherID': SilverStripe\Security\Security
-```
+```

docs/en/02_Developer_Guides/10_Email/index.md

@@ -154,12 +154,12 @@ Configuration of those properties looks like the following:
 **mysite/_config.php**
 
 ```php
-use SilverStripe\Control\Director;
+use SilverStripe\Control\Email\Email;
 use SilverStripe\Core\Config\Config;
 if(Director::isLive()) {
-    Config::inst()->update('Email', 'bcc_all_emails_to', "client@example.com");
+    Config::modify()->set(Email::class, 'bcc_all_emails_to', "client@example.com");
 } else {
-    Config::inst()->update('Email', 'send_all_emails_to', "developer@example.com");
+    Config::modify()->set(Email::class, 'send_all_emails_to', "developer@example.com");
 }
 ```
 

docs/en/02_Developer_Guides/14_Files/02_Images.md

@@ -181,6 +181,8 @@ Name: resamplefiles
 ---
 SilverStripe\Assets\File:
   force_resample: false
+SilverStripe\Assets\Storage\DBFile:
+  force_resample: false
 ```
 
 #### Resampled image quality

docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/05_Typography.md

@@ -17,6 +17,13 @@ SilverStripe\Forms\HTMLEditor\TinyMCEConfig:
 
 Will load the `mysite/css/editor.css` file.
 
+Alternatively, you can set this on a specific `TinyMCEConfig` instance via `setContentCSS` method.
+
+```php
+$config = new TinyMCEConfig();
+$config->setContentCSS([ '/mysite/client/css/editor.css' ]);
+```
+
 ## Custom style dropdown
 
 The custom style dropdown can be enabled via the `importcss` plugin bundled with admin module. ([Doc](https://www.tinymce.com/docs/plugins/importcss/))  

docs/en/02_Developer_Guides/18_Cookies_And_Sessions/02_Sessions.md

@@ -30,6 +30,7 @@ Otherwise, if you're not in a controller, get the request as a service.
 
 ```php
 use SilverStripe\Control\HTTPRequest;
+use SilverStripe\Core\Injector\Injector;
 
 $request = Injector::inst()->get(HTTPRequest::class);
 $session = $request->getSession();

docs/en/05_Contributing/04_Release_Process.md

@@ -105,12 +105,15 @@ SS_DEPRECATION_ENABLED="0"
 
 ### Reporting an issue
 
-Report security issues to [security@silverstripe.com](mailto:security@silverstripe.com). 
+Report security issues in our [commercially supported modules](https://www.silverstripe.org/software/addons/silverstripe-commercially-supported-module-list/)
+to [security@silverstripe.com](mailto:security@silverstripe.com). 
 Please don't file security issues in our [bugtracker](issues_and_bugs). 
 
 ### Acknowledgment and disclosure
 
-In the event of a confirmed vulnerability in SilverStripe core, we will take the following actions:
+In the event of a confirmed vulnerability in our
+[supported modules](https://www.silverstripe.org/software/addons/silverstripe-commercially-supported-module-list/),
+we will take the following actions:
 
 *  Acknowledge to the reporter that we’ve received the report and that a fix is forthcoming. We’ll give a rough
 timeline and ask the reporter to keep the issue confidential until we announce it.

docs/en/05_Contributing/09_Core_committers.md

@@ -2,19 +2,16 @@
 The core committers team is reviewed approximately annually, new members are added based on quality contributions to SilverStipe code and outstanding community participation. 
 
 ## Core committer team
+
 * [Aaron Carlino](https://github.com/unclecheese/)
 * [Chris Joe](https://github.com/flamerohr/)
 * [Damian Mooyman](https://github.com/tractorcow/)
 * [Daniel Hensby](https://github.com/dhensby)
-* [Hamish Friedlander](https://github.com/hafriedlander)
 * [Ingo Schommer](https://github.com/chillu)
-* [Jono Menz](https://github.com/jonom)
 * [Loz Calver](https://github.com/kinglozzer)
 * [Robbie Averill](https://github.com/robbieaverill)
 * [Sam Minnée](https://github.com/sminnee)
-* [Sean Harvey](https://github.com/halkyon/)
 * [Stevie Mayhew](https://github.com/stevie-mayhew/)
-* [Stig Lindqvist](https://github.com/stojg)
 * [Will Rossiter](https://github.com/wilr/)
 
 ## House rules for the core committer team

docs/en/05_Contributing/14_PHP_Coding_Conventions.md

@@ -90,7 +90,6 @@ public function getTitle()
 Use [phpdoc](http://phpdoc.org/) syntax before each definition (see [tutorial](http://manual.phpdoc.org/HTMLSmartyConverter/HandS/phpDocumentor/tutorial_phpDocumentor.quickstart.pkg.html)
 and [tag overview](http://manual.phpdoc.org/HTMLSmartyConverter/HandS/phpDocumentor/tutorial_tags.pkg.html)).
 
- * All class definitions and PHP files should have `@package` and `@subpackage`.
  * Methods should include at least `@param` and `@return`.
  * Include a blank line after the description.
  * Use `{@link MyOtherClass}` and `{@link MyOtherClass->otherMethod}` for inline references.

src/Forms/FileUploadReceiver.php

@@ -188,8 +188,9 @@ public function setValue($value, $record = null)
         // Filter items by what's allowed to be viewed
         $filteredItems = new ArrayList();
         $fileIDs = array();
+        /** @var File $file */
         foreach ($items as $file) {
-            if ($file->exists() && $file->canView()) {
+            if ($file->isInDB() && $file->canView()) {
                 $filteredItems->push($file);
                 $fileIDs[] = $file->ID;
             }

src/Forms/FormField.php

@@ -7,7 +7,6 @@
 use SilverStripe\Control\RequestHandler;
 use SilverStripe\Core\ClassInfo;
 use SilverStripe\Core\Convert;
-use SilverStripe\Dev\Deprecation;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DataObjectInterface;
 use SilverStripe\ORM\FieldType\DBField;

src/Forms/HTMLEditor/HTMLEditorConfig.php

@@ -20,7 +20,7 @@
  *
  * Typically global config changes should set the active config.
  *
- * The defaut config class can be changed via dependency injection to replace HTMLEditorConfig.
+ * The default config class can be changed via dependency injection to replace HTMLEditorConfig.
  *
  * @author "Hamish Friedlander" <hamish@silverstripe.com>
  */
@@ -59,7 +59,7 @@ abstract class HTMLEditorConfig
      * @var array
      */
     private static $user_themes = [];
-    
+
     /**
      * List of the current themes set for this config
      *
@@ -103,7 +103,7 @@ public static function set_config($identifier, HTMLEditorConfig $config = null)
         }
         return $config;
     }
-    
+
     /**
      * Gets the current themes, if it is not set this will fallback to config
      * @return array
@@ -115,7 +115,7 @@ public static function getThemes()
         }
         return Config::inst()->get(static::class, 'user_themes');
     }
-    
+
     /**
      * Sets the current theme
      *
@@ -125,7 +125,7 @@ public static function setThemes($themes)
     {
         static::$current_themes = $themes;
     }
-    
+
     /**
      * Set the currently active configuration object. Note that the existing active
      * config will not be renamed to the new identifier.

src/Forms/HTMLEditor/TinyMCEConfig.php

@@ -202,6 +202,13 @@ class TinyMCEConfig extends HTMLEditorConfig
      */
     private static $editor_css = [];
 
+    /**
+     * List of content css files to use for this instance, or null to default to editor_css config.
+     *
+     * @var string[]|null
+     */
+    protected $contentCSS = null;
+
     /**
      * TinyMCE JS settings
      *
@@ -621,33 +628,70 @@ protected function getConfig()
     }
 
     /**
-     * Get location of all editor.css files
+     * Get location of all editor.css files.
+     * All resource specifiers are resolved to urls.
      *
      * @return array
      */
     protected function getEditorCSS()
     {
-        $editor = array();
+        $editor = [];
+        $resourceLoader = ModuleResourceLoader::singleton();
+        foreach ($this->getContentCSS() as $contentCSS) {
+            $editor[] = $resourceLoader->resolveURL($contentCSS);
+        }
+        return $editor;
+    }
+
+    /**
+     * Get list of resource paths to css files.
+     *
+     * Will default to `editor_css` config, as well as any themed `editor.css` files.
+     * Use setContentCSS() to override.
+     *
+     * @return string[]
+     */
+    public function getContentCSS()
+    {
+        // Prioritise instance specific content
+        if (isset($this->contentCSS)) {
+            return $this->contentCSS;
+        }
 
         // Add standard editor.css
+        $editor = [];
         $editorCSSFiles = $this->config()->get('editor_css');
-        $resourceLoader = ModuleResourceLoader::singleton();
         if ($editorCSSFiles) {
             foreach ($editorCSSFiles as $editorCSS) {
-                $editor[] = $resourceLoader->resolveURL($editorCSS);
+                $editor[] = $editorCSS;
             }
         }
 
         // Themed editor.css
         $themes = HTMLEditorConfig::getThemes() ?: SSViewer::get_themes();
         $themedEditor = ThemeResourceLoader::inst()->findThemedCSS('editor', $themes);
         if ($themedEditor) {
-            $editor[] = $resourceLoader->resolveURL($themedEditor);
+            $editor[] = $themedEditor;
         }
-
         return $editor;
     }
 
+    /**
+     * Set explicit set of CSS resources to use for `content_css` option.
+     *
+     * Note: If merging with default paths, you should call getContentCSS() and merge
+     * prior to assignment.
+     *
+     * @param string[] $css Array of resource paths. Supports module prefix,
+     * e.g. `silverstripe/admin:client/dist/styles/editor.css`
+     * @return $this
+     */
+    public function setContentCSS($css)
+    {
+        $this->contentCSS = $css;
+        return $this;
+    }
+
     /**
      * Generate gzipped TinyMCE configuration including plugins and languages.
      * This ends up "pre-loading" TinyMCE bundled with the required plugins

src/Logging/DetailedErrorFormatter.php

@@ -31,16 +31,18 @@ public function format(array $record)
                 }
             }
 
-            $trace = debug_backtrace();
-
-            // Filter out monolog plumbing from the trace
-            // If the context file & line isn't found in the trace, then the trace is most likely
-            // call to the fatal error handler and is not useful, so exclude it entirely
-            $i = $this->findInTrace($trace, $context['file'], $context['line']);
-            if ($i !== null) {
-                $context['trace'] = array_slice($trace, $i);
-            } else {
-                $context['trace'] = null;
+            if (!isset($context['trace'])) {
+                $trace = debug_backtrace();
+
+                // Filter out monolog plumbing from the trace
+                // If the context file & line isn't found in the trace, then the trace is most likely
+                // call to the fatal error handler and is not useful, so exclude it entirely
+                $i = $this->findInTrace($trace, $context['file'], $context['line']);
+                if ($i !== null) {
+                    $context['trace'] = array_slice($trace, $i);
+                } else {
+                    $context['trace'] = null;
+                }
             }
         }