992e84e602
Add missing documentation comment blocks for fired events ( #4788 )
...
Credit to @mjauvin.
2019-11-24 23:59:00 -06:00
8da798a5cd
Remove XSRF cookie
...
This was a contentious change is generally a bad idea to blanket all requests with a dependant cookie. We will try something else.
Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
2019-11-04 09:06:05 +11:00
c5bd5f0e0a
Apply ResponseMaker to backend AJAX and cms.page.display event
2019-11-03 08:02:28 +11:00
1df8e72e4a
Remove unused import
2019-11-02 19:42:09 +11:00
63f65a3f25
Add XSRF to backend, simplify CMS controller run() method
...
runInternal has been removed because we do not want to blanket our response logic over every single response, only the happy path. This is because it is impossible to remove. So it is better to take the inverted approach, where if you want the CMS' headers in your custom response, add them yourself. This becomes easy via the new makeResponse() method
2019-11-02 19:14:45 +11:00
ff8f899fbe
Move response common functions to ResponseMaker trait
2019-11-02 18:21:22 +11:00
b1fa45ee3a
Combine common CSRF logic to a trait
2019-11-02 15:15:18 +11:00
49d68f0671
Cookies are no longer serialized
...
Based on update to library 09e859a13e
2019-11-02 14:52:00 +11:00
959b85f56c
Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
...
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
457466c5af
Fix typehint
2019-10-29 16:33:49 -06:00
eb4648972f
Ensure that the XSRF cookie can always be added to the response, no matter the source of the response
2019-10-28 13:33:07 -06:00
096ccf875d
Implement suggestions from @bennothommo
2019-10-28 12:58:07 -06:00
f542ca8e90
Implement XSRF checking for AJAX handlers
...
Refs #4699
Refs #4701
2019-10-24 20:19:20 +11:00
b2dcd3c9fd
Update Dutch (NL_nl) translation ( #4676 )
...
Credit to @adrenth
2019-10-09 13:08:31 +03:00
773f266373
Allow for URL parameter to be zero ( #4657 )
...
The `empty()` check previously disallowed string zeroes from being used.
Credit to @gaabora.
2019-10-08 09:04:52 +08:00
d31006ae1a
Return 403 response on CSRF fail instead of silently failing
...
Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes
2019-10-06 23:21:08 -06:00
c23d671f91
New templates must have a unique widget alias
2019-09-30 20:17:02 +10:00
c19ccb4f60
Update zh-cn backend translations ( #4635 )
...
Credit to @everyx.
2019-09-26 12:38:22 +08:00
bafd057f8c
Optimize theme recognition ( #3220 )
...
Credit to @vojtasvoboda. Will avoid asking the database for the currently active theme if there is only one theme present and its code matches the code set in cms.activeTheme
2019-09-25 12:26:54 -06:00
33d149fe1a
Replace caching of Theme config with generic YAML caching ( #4526 )
...
Credit to @Samuell1. Fixes issues related to complexity of the existing approach / cache invalidation by just using the caching built in to YAML::parseFile().
2019-09-25 11:36:35 -06:00
7b8fecaa51
Replace use of parseJSON with JSON.parse ( #4517 )
...
Credit to @DanHarrin
2019-09-14 06:25:18 -06:00
3212fc5b35
Merge pull request #4503 from ghost/role-form
...
Add role-form to all forms
2019-09-10 17:55:40 +10:00
0240c21af6
Fail CSRF token checks if the session expires. ( #4598 )
...
Fixes #4595 . Credit to @bennothommo
2019-09-04 21:33:10 -06:00
5723cd4b2a
Match save method signature in Theme Export/Import
2019-09-05 10:58:22 +08:00
6942e38615
Remove the IE5 - IE7 Holly Hack support ( #4594 )
...
Credit to @ayumihamsaki
2019-09-04 09:32:29 -06:00
9521dd795c
Minor Formatting Corrections in Usage Comments ( #4541 )
...
Credit to @DanHarrin
2019-08-15 09:14:54 -06:00
188c565d69
Hide active theme's Delete button ( #4528 )
...
Credit to @DanHarrin.
2019-08-15 11:42:25 +08:00
4434808549
Remove theme data on theme deletion ( #4529 )
...
Credit to @DanHarrin. Fixes #1292 .
2019-08-15 11:41:03 +08:00
967fd02d8c
Fix minor spelling errors and inconsistencies ( #4543 )
...
Credit to @DanHarrin.
2019-08-15 11:39:26 +08:00
67c9decb20
Standardise use of [] vs array() ( #4548 )
...
Credit to @DanHarrin
2019-08-14 20:46:36 -06:00
0383af6282
Update __isset function to comply with the same checks as __get ( #4514 )
...
Credit to @RickAcb.
2019-08-04 19:56:15 +08:00
432dd5d91a
Add role-form to all forms
2019-07-31 15:46:20 +01:00
99777f5977
Fix issue with AJAX framework load order on the frontend.
...
Partially reverts f4e50ddd1ahttps://github.com/octobercms/october/pull/4285#issuecomment-513566437 . Functionality can be re-added at a later date under an optional parameter added to the {% framework %} tag. Replaces https://github.com/octobercms/october/pull/4469
2019-07-29 16:30:14 -06:00
02ba765a9e
Added Thai translation ( #4472 )
...
Credit to @anurat.
2019-07-26 14:52:52 -06:00
df81ea182b
Remove alert to prevent showing same popup twice ( #4470 )
...
Credit to @Samuell1
2019-07-24 12:33:18 -06:00
1587c7f49c
Warn developers to not be silly. Fixes #4466 .
2019-07-23 11:17:56 -06:00
36c69a063b
Add support for tab icons in theme customization ( #4464 )
...
Fixes #4131 . Credit to @Samuell1
2019-07-21 23:45:30 -06:00
a59d3b83eb
Code quality clean up ( #4449 )
...
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
ae5f1a4282
Clean up output of Twig dump() function ( #4460 )
...
Credit to @ayumihamsaki. Fixes #4446 .
2019-07-17 22:54:24 -06:00
94a71ff3da
Improved Brazilian Portuguese translations ( #4450 )
...
Credit to @prhost
2019-07-13 16:42:43 -06:00
2613141870
Update zh-cn/lang.php file ( #4447 )
...
Credit to @wenlong-date.
2019-07-11 17:21:24 +03:00
e0e951dfcd
Disable searching and sorting on any_template
...
Fixes #4441 . Make the new template and old template columns visible and sort by them instead if you need to sort by that column.
2019-07-09 08:38:30 -06:00
6f583b3920
Disable theme config cache when debug mode enabled
2019-07-08 16:25:25 -06:00
07a852ed8a
Fix selection issue for similar-named CMS objects ( #4433 )
...
CMS objects with the same name as another object (eg. "test.htm" for a page and "test.htm" for a partial) were unable to be selected (selecting the partial selected the page).
Credit to @wenlong-date.
2019-07-05 16:47:30 +08:00
f4e50ddd1a
Add new Performance API's to October CMS ( #4285 )
...
PR adds a new Priority Hints API, Preload API and async to the October CMS AJAX injected code and a new Priority Hints API to the loaded assets in the head section.
Credit to @ayumihamsaki. Related #4277 , #4030
2019-06-17 01:17:34 +03:00
46c867e4b5
Improve API docs
...
Resolves #4214
2019-06-12 00:33:30 -06:00
a777c44cb4
Remove typehints for database template methods.
...
Instead check the CmsObject class inheritence in the methods. Fixes #4376
2019-06-09 23:33:38 +08:00
f921af4199
Fix menus not being displayed with database templates ( #4362 )
...
Credit to @SebastiaanKloos.
2019-06-06 21:05:38 +08:00
e7ec0be0c1
Merge pull request #3908 from octobercms/wip/halcyon-db-datasource
...
Database layer for the CMS objects
2019-06-01 14:28:34 +10:00
8c398e7ad5
cms_theme_contents -> cms_theme_templates
2019-06-01 12:45:29 +10:00
Marc Jauvin
Samuel Georges
Luke Towers
Alwin Drenth
gaabora
罗光盛
Vojta Svoboda
Samuell
Dan Harrin
Ben Thomson
Ayumi Hamasaki
RickAcb
Ayumi Hamasaki
Anurat Chapanond
Kallef Alexandre
Long Wen
Luke Towers
Sebastiaan Kloos