-
-
Notifications
You must be signed in to change notification settings - Fork 212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logout #2606
Logout #2606
Commits on Feb 11, 2016
-
Configuration menu - View commit details
-
Copy full SHA for 53bb566 - Browse repository at this point
Copy the full SHA 53bb566View commit details -
Configuration menu - View commit details
-
Copy full SHA for 943a454 - Browse repository at this point
Copy the full SHA 943a454View commit details -
Configuration menu - View commit details
-
Copy full SHA for b1e150e - Browse repository at this point
Copy the full SHA b1e150eView commit details -
They are not needed anymore since we use a auto loader
Configuration menu - View commit details
-
Copy full SHA for 4ce189c - Browse repository at this point
Copy the full SHA 4ce189cView commit details
Commits on Feb 18, 2016
-
Configuration menu - View commit details
-
Copy full SHA for 143ae74 - Browse repository at this point
Copy the full SHA 143ae74View commit details -
Added a grunt task to run phpcs
This commit adds a grunt task (named `php`) that will run phpcs with the PSR-2 standard. Note that you have to install php_codesniffer which has been added as a require-dev lib. Doing `composer install` will mess up Symphony's auto loader, so please `git checkout vendor` after the composer call
8Configuration menu - View commit details
-
Copy full SHA for 22069f4 - Browse repository at this point
Copy the full SHA 22069f4View commit details -
Configuration menu - View commit details
-
Copy full SHA for d68b132 - Browse repository at this point
Copy the full SHA d68b132View commit details
Commits on Mar 2, 2016
-
This commit introduce a new jQuery plugin called Default Value, which gives a input a source element to value its value from, when a specified event occurs on this source element. This behaviour is switched to off when the users focuses on the input field and then blurs out, leaving a value in the input. This commit also hooks this behaviours on the Data Source name input and on the Event name input. Closes symphonycms#2511
Configuration menu - View commit details
-
Copy full SHA for 0e27ff5 - Browse repository at this point
Copy the full SHA 0e27ff5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 15f8cef - Browse repository at this point
Copy the full SHA 15f8cefView commit details
Commits on Mar 3, 2016
-
Fix usage of Session::unserialize()
This function should be checking new value for emptiness, but it was checking the database value instead. Additionally, at this point, the database value would always be `NULL`. Changed to use the correct variable.
Configuration menu - View commit details
-
Copy full SHA for d2e292d - Browse repository at this point
Copy the full SHA d2e292dView commit details -
Update Session class to PHP 7 specification
When there is no data written to the database, return `true` instead of `false`. Logically, the operation is successful. See: http://php.net/manual/en/sessionhandlerinterface.write.php When no data has been read, the read method should return an emtpy string, but it was returning NULL instead. See: http://php.net/manual/en/sessionhandlerinterface.read.php
Configuration menu - View commit details
-
Copy full SHA for ec700e5 - Browse repository at this point
Copy the full SHA ec700e5View commit details -
This way, developer can change the sorting order, which is Symphony's order by default
Configuration menu - View commit details
-
Copy full SHA for 5b2ae3c - Browse repository at this point
Copy the full SHA 5b2ae3cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 78e7439 - Browse repository at this point
Copy the full SHA 78e7439View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9f1147d - Browse repository at this point
Copy the full SHA 9f1147dView commit details -
Configuration menu - View commit details
-
Copy full SHA for b35eba8 - Browse repository at this point
Copy the full SHA b35eba8View commit details -
Made
generateNonce()
return value url safeThis change is primarly to make sure we do not have to url encode the xsrf token. Also, the default value for the method is now 30 instead of 20. (the magic 20 number was undocumented). The magic number used in the for loop for the fallback is also replace by the length parameter value: the sorter the nonce, the more iteration we have to make to shuffle things more. Finally the method will now throw an Exception if the length is smaller than 1. Fixes symphonycms#2567
2Configuration menu - View commit details
-
Copy full SHA for 34a3b50 - Browse repository at this point
Copy the full SHA 34a3b50View commit details -
Added support for PHP 7 random_bytes() and the mcrypt package. Re symphonycms#2567
11Configuration menu - View commit details
-
Copy full SHA for 5a61bf5 - Browse repository at this point
Copy the full SHA 5a61bf5View commit details
Commits on Mar 13, 2016
-
Refactored how the field gets it current values
The two SQL statements where mostly the same so they got refactored out. Also, this will provide another extension point for extension developers that inherits from the file upload.
Configuration menu - View commit details
-
Copy full SHA for 42524d4 - Browse repository at this point
Copy the full SHA 42524d4View commit details
Commits on Mar 15, 2016
-
Prevent errors if EXTENSIONS is un readable
This fixes a fatal error on the install page when the extension folder does not exists
Configuration menu - View commit details
-
Copy full SHA for 825eb27 - Browse repository at this point
Copy the full SHA 825eb27View commit details
Commits on Apr 5, 2016
-
Fix Namespace Cache Typo & remove useless query
First of all there's a big 'error' on the namespace which never matched as there was a typo. Second if a hash exists; the namespace query is run for no reason as data is overwritten by the if statement underneath.
Configuration menu - View commit details
-
Copy full SHA for 83a042a - Browse repository at this point
Copy the full SHA 83a042aView commit details -
Merge pull request symphonycms#2582 from jonmifsud/patch-1
Fix Namespace Cache Typo & remove useless query
Configuration menu - View commit details
-
Copy full SHA for 06e9f4d - Browse repository at this point
Copy the full SHA 06e9f4dView commit details
Commits on Apr 12, 2016
-
Fix storage warnings on MySQL 5.7
This is a port of symphonycms@5e3bf4f#diff-19f01796e1be3eb30628a9acd35514d5L204 cc @brendo
Configuration menu - View commit details
-
Copy full SHA for 9363d50 - Browse repository at this point
Copy the full SHA 9363d50View commit details -
Url seems to be case sensitive now. Closes symphonycms#2580
Configuration menu - View commit details
-
Copy full SHA for ec0a040 - Browse repository at this point
Copy the full SHA ec0a040View commit details -
Set "Sections Index" as default area of default (first) author (symph…
…onycms#2530) * Set "Sections Index" as default area of default (first) author Because not having a default area isn’t considered in the UI. * Set "/blueprints/sections/" as default area fallback for developers symphonycms#2529 * Fix Whitespace
Configuration menu - View commit details
-
Copy full SHA for 17d87a5 - Browse repository at this point
Copy the full SHA 17d87a5View commit details
Commits on Apr 23, 2016
-
Fix code formatting (symphonycms#2586)
A very small formatting fix.
Configuration menu - View commit details
-
Copy full SHA for de50fc3 - Browse repository at this point
Copy the full SHA de50fc3View commit details
Commits on Apr 25, 2016
-
mt_srand function argument must be an integer
PHP 7 cares.
Configuration menu - View commit details
-
Copy full SHA for 05b68ec - Browse repository at this point
Copy the full SHA 05b68ecView commit details -
Datetime field cannot have a default value of "0000-00-00"
In MySQL 5.7 a datetime field cannot have a default value of "0000-00-00" for the date, the minimum value is "1000-01-01".
Configuration menu - View commit details
-
Copy full SHA for db403c3 - Browse repository at this point
Copy the full SHA db403c3View commit details
Commits on May 1, 2016
-
Configuration menu - View commit details
-
Copy full SHA for f7fc180 - Browse repository at this point
Copy the full SHA f7fc180View commit details
Commits on May 23, 2016
-
Deprecated $_SESSION copy into $_COOKIE
This thing really complicates things and should have been removed earlier
Configuration menu - View commit details
-
Copy full SHA for 6c73f63 - Browse repository at this point
Copy the full SHA 6c73f63View commit details -
Better php.ini overrides for insecure setups
This change is to protect our users against a poorly setup server. PHP can allow pretty scary things security-wise, so it's best to make sure things that can only have one valid setting should be enforced. Thanks to @hyp3rlinx for this.
15Configuration menu - View commit details
-
Copy full SHA for b329a14 - Browse repository at this point
Copy the full SHA b329a14View commit details
Commits on May 24, 2016
-
Allow install in folders with special chars
This change makes it possible to have non-url safe characters in the base path
Configuration menu - View commit details
-
Copy full SHA for 83069c6 - Browse repository at this point
Copy the full SHA 83069c6View commit details -
Make sure the process is at the right place
This is a precaution calls what makes sure the SAPI module used by the hosting company chdir's the user at the right place
Configuration menu - View commit details
-
Copy full SHA for 5e67448 - Browse repository at this point
Copy the full SHA 5e67448View commit details
Commits on May 26, 2016
-
Use HTTP_HOST constant instead of reading $_SERVER
This is what constant are for
Configuration menu - View commit details
-
Copy full SHA for a167139 - Browse repository at this point
Copy the full SHA a167139View commit details
Commits on May 31, 2016
-
Make sure user can delete the author (symphonycms#2572)
This commits reuse the code from the edit action in order to validate if the current user can delete the author. Even if the Delete button is not present on the page, a request can be crafted in order for an author to delete another. This change also validates that the password of the current author is checked before doing any un-undoable things. Rebase of 8b20b8f
Configuration menu - View commit details
-
Copy full SHA for f7a5406 - Browse repository at this point
Copy the full SHA f7a5406View commit details -
Only request the needed schema in table view (symphonycms#2568)
This changes uses the array returned by $section->fetchVisibleColumns() in order to create the element names array to pass to the entry manager. This yeilds a nice performance update when a section contains many (hundreads) of fields but only a few of them are needed for the publish table view. Rebase of 34bd49f
Configuration menu - View commit details
-
Copy full SHA for 92f762b - Browse repository at this point
Copy the full SHA 92f762bView commit details -
Added ticks around table in DELETE statement
That's for uniformity only. Cherry picked version of 5476e2f
Configuration menu - View commit details
-
Copy full SHA for 0854278 - Browse repository at this point
Copy the full SHA 0854278View commit details -
Add support for tag negation and filterable ops
Rebased version of 05693e0 Closes symphonycms#2520
Configuration menu - View commit details
-
Copy full SHA for 786d1cc - Browse repository at this point
Copy the full SHA 786d1ccView commit details -
Add delegate prior to checking a field's post data (symphonycms#2549)
EntryPreCheckPostFieldData
Configuration menu - View commit details
-
Copy full SHA for bbc88fa - Browse repository at this point
Copy the full SHA bbc88faView commit details -
Add data-attributes to publish filtering interface (symphonycms#2577)
* Publish Filtering : Increase flexibility of comparison modes 6e764d1 The current markup of the „comparison mode“-selectboxes in the publish filtering interface doesn’t allow for multiple modes that don’t have a filter prefix (like „regexp:“, „greater than:“, etc.) as it uses the prefix as unique identifier (option value). The default comparison mode „is“ is expected as the only mode without a filter prefix. But filter modes like „between“ („$x to $y“) as included in Number Field (and possibly date fields too) don’t have a prefix either and therefore won’t work with the current code. This PR changes that behavior by shifting to the filter title as unique identifier and adding the filter prefix as optional data-attribute that’s only used for building the actual filtering-url-parameters. Old Behavior: - Filter title is used as option title - Filter prefix is used as value-attribute New Behavior: - Filter title is used as option title - Filter title is used as value-attribute - Filter prefix is included as data-attribute * Fix code indenting 4a7db7a * Improve construction of comparison array ccc5e9e * Fix code indenting e56bdde * Use „data-comparison“ as unique identifier of the chosen comparison mode d37e0b8 Use the „data-comparison“-attribute as unique identifier for the chosen comparison mode of a filtering instance - both in the selectbox and the list of context help texts. The „value“-attribute of the comparison mode selectbox now again is used for serving the actual filter prefix used to construct the filtering-parameters in the url. * Remove leading whitespace from filter value input field ac61c11
Configuration menu - View commit details
-
Copy full SHA for 51ba356 - Browse repository at this point
Copy the full SHA 51ba356View commit details -
Lock/unlock tables when editing entries (symphonycms#2585)
When editing an entry, Symphony will iterate over all fields, delete existing data first, then insert a new row for the field's data. So there will always be a time slot without field data. If multiple processes edit the same entry, this means a race condition that may lead to data being corrupted in several ways (also depending on the field type). Locking the table solves the issue. Fixes symphonycms#2472
Configuration menu - View commit details
-
Copy full SHA for 4b5067f - Browse repository at this point
Copy the full SHA 4b5067fView commit details -
Use $_SERVER[] instead of getenv()
$_SERVER must hold the content we are looking for, while getenv does not have to. Most server SAPI implementation will look into the same array for those values, but some does not. Fixes symphonycms#2569
Configuration menu - View commit details
-
Copy full SHA for 7bf5c07 - Browse repository at this point
Copy the full SHA 7bf5c07View commit details -
Provide an extension point to $_SERVER reads
As discussed in symphonycms#2569, this commit adds a new function, server_safe, which could potentially server as a safe way to get $_SERVER values. Right now, the only storage used is $_SERVER, but that could change in the future.
Configuration menu - View commit details
-
Copy full SHA for 2f1a3b3 - Browse repository at this point
Copy the full SHA 2f1a3b3View commit details -
Configuration menu - View commit details
-
Copy full SHA for cf942a9 - Browse repository at this point
Copy the full SHA cf942a9View commit details -
Make sure the DIRROOT constant ends with a /
This should make is easier to use it. Re: symphonycms#2591
3Configuration menu - View commit details
-
Copy full SHA for b6d9edb - Browse repository at this point
Copy the full SHA b6d9edbView commit details -
Fix root-dir parameter potential double /
No need to edit the DIRROOT anymore: it will always end with / Re: symphonycms#2591
Configuration menu - View commit details
-
Copy full SHA for 2148a32 - Browse repository at this point
Copy the full SHA 2148a32View commit details -
This value is safe to use in templates: it will reflect the path to the workspace according to the DIRROOT. Fixes symphonycms#2591
Configuration menu - View commit details
-
Copy full SHA for f9b5b6e - Browse repository at this point
Copy the full SHA f9b5b6eView commit details -
This will prevent the system from getting the same values across multiple places
Configuration menu - View commit details
-
Copy full SHA for 34aeff3 - Browse repository at this point
Copy the full SHA 34aeff3View commit details -
Calling rawurlencode is not enought, since it will encode / as %2F. Slashes needs to be respected, but any non url-friendly value must be encoded.
Configuration menu - View commit details
-
Copy full SHA for a2f2323 - Browse repository at this point
Copy the full SHA a2f2323View commit details
Commits on Jun 4, 2016
-
Split out the http protocol logic into a constant
This extraction creates a new constant, HTTP_PROTO, whill which will either hold http: or https: The URL constant value will remain unchanged. Re: 2591
Configuration menu - View commit details
-
Copy full SHA for e23f2f2 - Browse repository at this point
Copy the full SHA e23f2f2View commit details -
After much debate in symphonycms#2591 we want to keep the current interface as much as previous version. This commit makes it so the only changes from 2.6.7 is the addition of the `workspace-path` parameter. Here's a list of the affected commits b35eba8 The `root-dir` parameter has been removed b6d9edb as been reverted and restored to the original 9f1147d value 2148a32 has been reverted 34aeff3 has been modified to accomodate potential empty value This will hopefully close symphonycms#2591
Configuration menu - View commit details
-
Copy full SHA for 72801b4 - Browse repository at this point
Copy the full SHA 72801b4View commit details -
Fixed double ticks in SQL query
MySQL::delete() already adds ticks around the table name. No need to do it twice
Configuration menu - View commit details
-
Copy full SHA for 29a70c1 - Browse repository at this point
Copy the full SHA 29a70c1View commit details -
Remove trailing slash from safe cookie path
This fix continues what 72801b4 started.
Configuration menu - View commit details
-
Copy full SHA for a58ff6b - Browse repository at this point
Copy the full SHA a58ff6bView commit details -
Remove mcrypt as it is not maintained
See https://wiki.php.net/rfc/mcrypt-viking-funeral Also rewrote the logic a bit to fix when a valid source fails to produce an output Re 5a61bf cc @siimsoni
Configuration menu - View commit details
-
Copy full SHA for d6118c0 - Browse repository at this point
Copy the full SHA d6118c0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8ef1e28 - Browse repository at this point
Copy the full SHA 8ef1e28View commit details -
Configuration menu - View commit details
-
Copy full SHA for 78d1a1c - Browse repository at this point
Copy the full SHA 78d1a1cView commit details -
Added missing $_REQUEST when fixing magic_quotes
$_REQUEST holds a copy of the data, so we need to add it too! cc @brendo @michael-e
2Configuration menu - View commit details
-
Copy full SHA for b283df9 - Browse repository at this point
Copy the full SHA b283df9View commit details -
This issue has been discovered by @hyp3rlinx Script and html injection was possible, when the user was authenticated
Configuration menu - View commit details
-
Copy full SHA for 0f27412 - Browse repository at this point
Copy the full SHA 0f27412View commit details
Commits on Jun 5, 2016
-
Configuration menu - View commit details
-
Copy full SHA for 06371ab - Browse repository at this point
Copy the full SHA 06371abView commit details
Commits on Jun 6, 2016
-
9
Configuration menu - View commit details
-
Copy full SHA for 581c99c - Browse repository at this point
Copy the full SHA 581c99cView commit details -
This prevents XSS from error message, which can be remote messages
Configuration menu - View commit details
-
Copy full SHA for fecc61e - Browse repository at this point
Copy the full SHA fecc61eView commit details -
Wrap exceptions xml message in CDATA
Exceptions can come from remote servers (like MySQL or SMTP) and can contain invalid xml data. User exceptions can also break this rule. As a safety precaution, we will wrap message just before ouput. Also, it's worthy to say that multiple calls to General::General::wrapInCDATA() is safe. Fixes symphonycms#2518
Configuration menu - View commit details
-
Copy full SHA for 2d8d5e0 - Browse repository at this point
Copy the full SHA 2d8d5e0View commit details -
Delete __actionIndex from authors content page
It does not have any purpose now since we do not even have a with-selected dropdown anymore on the index page. Fixes symphonycms#2573
Configuration menu - View commit details
-
Copy full SHA for 226429d - Browse repository at this point
Copy the full SHA 226429dView commit details
Commits on Jun 7, 2016
-
Output password and email even when auth == 0
This will prevent overwriting the previous values
Configuration menu - View commit details
-
Copy full SHA for 3979c10 - Browse repository at this point
Copy the full SHA 3979c10View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8da82f6 - Browse repository at this point
Copy the full SHA 8da82f6View commit details -
Make pickable hidden forms elements readonly
Not visible element should be made readonly, since the user can't edit them anyways. This fixes a problem where Chrome would auto-fill hidden input and the value would be saved without the user ever seeing it. We already tried to fix the problem usign a standard solution (auto-complete="off", symphonycms#1843 and symphonycms#1841) but it does not work. We also tried a non-standard solution (symphonycms#2258) which was rejected. This change only uses standard solution, even thought it relies on javascript to make things works (it should not be a problem since the backend now heavily relies on javascript)
Configuration menu - View commit details
-
Copy full SHA for 301d2b7 - Browse repository at this point
Copy the full SHA 301d2b7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4fb94f4 - Browse repository at this point
Copy the full SHA 4fb94f4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1b0e361 - Browse repository at this point
Copy the full SHA 1b0e361View commit details -
Also added a grunt task to get the current commit id we have building on
Configuration menu - View commit details
-
Copy full SHA for 2afebde - Browse repository at this point
Copy the full SHA 2afebdeView commit details -
Configuration menu - View commit details
-
Copy full SHA for cf90c7a - Browse repository at this point
Copy the full SHA cf90c7aView commit details
Commits on Jun 17, 2016
-
Tag list field: accept an array of tags (symphonycms#2602)
* Accept an array of tags 189b387 While the tag list field always returned string (parameter pool) and array values (XML) in the output, it did only accept a string of tags on post. This commit extends the field to accept an array of tags as well which is helpful, if you are building a tag list widget on the front-end and would like to post back to the system. This change is supposed to be backwards compatible (it doesn't change the behaviour for posted string values). * Fix whitespace 49a5200
Configuration menu - View commit details
-
Copy full SHA for 7e9c94e - Browse repository at this point
Copy the full SHA 7e9c94eView commit details -
Fix SQL problem with AND (+) operation
The SQL generated by the code introduce in 786d1cc contained errors: 1. A superflous ' was present arount the $bit part twice 2. A opening parenthesis ( was missing at the start of the WHERE clause Re symphonycms#2602 Found when reviewing 7e9c94e
Configuration menu - View commit details
-
Copy full SHA for 0e299c6 - Browse repository at this point
Copy the full SHA 0e299c6View commit details -
Removing code duplication Re symphonycms#2602
Configuration menu - View commit details
-
Copy full SHA for 558b5d7 - Browse repository at this point
Copy the full SHA 558b5d7View commit details
Commits on Jun 21, 2016
-
Configuration menu - View commit details
-
Copy full SHA for 9c8679f - Browse repository at this point
Copy the full SHA 9c8679fView commit details -
Removed unecessary div. qualifier
It's redundant and totally not needed. Reduces possible reuse.
10Configuration menu - View commit details
-
Copy full SHA for 5b9e33c - Browse repository at this point
Copy the full SHA 5b9e33cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6aa775c - Browse repository at this point
Copy the full SHA 6aa775cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 93ac344 - Browse repository at this point
Copy the full SHA 93ac344View commit details -
Configuration menu - View commit details
-
Copy full SHA for 81b0b68 - Browse repository at this point
Copy the full SHA 81b0b68View commit details
Commits on Jun 22, 2016
-
Configuration menu - View commit details
-
Copy full SHA for 1f6ae8c - Browse repository at this point
Copy the full SHA 1f6ae8cView commit details
Commits on Jul 7, 2016
-
Supress warning when chmod does not work
chmod can fail for numerous reason, like when the user running php does not have proper rights on the filesystem.
Configuration menu - View commit details
-
Copy full SHA for 52893d5 - Browse repository at this point
Copy the full SHA 52893d5View commit details -
Change default permission in uploadFile to 0644
0777 is a dangerous settings and should try to be avoided as a default value. Re: symphonycms/jit_image_manipulation#131
Configuration menu - View commit details
-
Copy full SHA for 255b6dd - Browse repository at this point
Copy the full SHA 255b6ddView commit details
Commits on Jul 19, 2016
-
Configuration menu - View commit details
-
Copy full SHA for 0c9d32a - Browse repository at this point
Copy the full SHA 0c9d32aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6a988c1 - Browse repository at this point
Copy the full SHA 6a988c1View commit details