Ben Thomson
11b7111413
Use old signature for `where` method in CmsObjectCollection.
...
Refs: https://github.com/octobercms/october/pull/4893#discussion_r368408407
2020-01-20 16:25:50 +08:00
Ben Thomson
9ecad139c4
Comment tweak for CmsObjectCollection::where()
2020-01-20 13:59:29 +08:00
Ben Thomson
cf67e83598
Make slug route param optional for CMS module.
...
This allows the home page to load.
2020-01-19 23:23:27 +08:00
Ben Thomson
662b1c2e45
Fix incompatible `where` method in CmsObjectCollection
...
Signature for the `where` method changes in L6, so a wrapper has been put in place.
2020-01-19 16:35:01 +08:00
Ben Thomson
5d3d4ad0b2
Merge branch 'develop' into wip/laravel-5.9
2020-01-18 21:00:40 +08:00
Ben Thomson
c046466913
Set Dropzone.js uploaders to have no time limit (#4878)
...
The upgrade to the latest Dropzone.js brought in a new `timeout` configuration variable, which defaults to 30s. This removes the time limit and restores original functionality.
Fixes #4869
2020-01-14 16:47:25 -06:00
Samuel Georges
cbc620c3e8
Rollback for Build 462
...
This change should be revisited since it doesn't account for database-based templates which have no file path. Upon revisit, we might want to consider adding this logic in to the afterFetch() event with detection of file based mode, or even at the lower levels where the file is first extracted from the filesystem. TBA
2019-12-19 17:42:25 +11:00
Luke Towers
a51215b9b3
Revert "Added additional robots meta fields to CMS pages (#4685)" (#4832)
...
This reverts commit 8303e0dbb2. Reverts #4685. Should be implemented as a plugin instead.
2019-12-18 13:51:50 -06:00
Nick Khaetsky
8303e0dbb2
Added additional robots meta fields to CMS pages (#4685)
...
Credit to @FlusherDock1
2019-12-18 10:16:36 -06:00
Samuel Georges
7902cfa58a
Simplify security check
...
Logic in ComponentPartial was rolled back and moved to the Controller. Since there are issues with throwing exceptions inside the component partial lookup logic (exceptions are conditionally suppressed), it seems like it would be better to bubble up the security logic to the controller level as a simple base dir security check, which is no longer concerned about any suppression logic. This looks to have logic parity with the previous solution
Refs #4652
2019-12-14 12:37:44 +11:00
Tobias Kündig
80f870c313
Allow partial overrides in subfolders (#4652)
...
* Allow partial overrides in subfolders + security checker
2019-12-14 12:22:30 +11:00
Samuel Georges
22db1299ae
Exception handling
...
$widget->secondaryTabs['fields'] may not always be present
2019-12-12 22:02:39 +11:00
Blaž Oražem
8abed1794f
Slovenian language added (#4796)
...
* Add Slovenian language
2019-12-10 20:17:42 +11:00
Samuel Georges
260e1f503f
Rollback d31006ae1a
2019-12-10 03:12:12 +11:00
Marc Jauvin
864816f7f2
Make CMS object code editor read-only in safe mode (#4769)
...
Adds a dismissable message to the CMS object code editor indicating that the PHP code section of a CMS object cannot be edited when `cms.enableSafeMode` is `true` (or when debugging is disabled if `null`).
Credit to @mjauvin.
2019-12-09 21:05:50 +08:00
Marc Jauvin
992e84e602
Add missing documentation comment blocks for fired events (#4788)
...
Credit to @mjauvin.
2019-11-24 23:59:00 -06:00
Ben Thomson
7e3136564f
Merge branch 'develop' into wip/laravel-5.9
2019-11-21 23:18:25 +08:00
Samuel Georges
8da798a5cd
Remove XSRF cookie
...
This was a contentious change; it is generally a bad idea to blanket all requests with a dependent cookie. We will try something else.
Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
2019-11-04 09:06:05 +11:00
Samuel Georges
c5bd5f0e0a
Apply ResponseMaker to backend AJAX and cms.page.display event
2019-11-03 08:02:28 +11:00
Samuel Georges
1df8e72e4a
Remove unused import
2019-11-02 19:42:09 +11:00
Samuel Georges
63f65a3f25
Add XSRF to backend, simplify CMS controller run() method
...
runInternal has been removed because we do not want to blanket our response logic over every single response, only the happy path. This is because it is impossible to remove. So it is better to take the inverted approach, where if you want the CMS' headers in your custom response, add them yourself. This becomes easy via the new makeResponse() method
2019-11-02 19:14:45 +11:00
Samuel Georges
ff8f899fbe
Move response common functions to ResponseMaker trait
2019-11-02 18:21:22 +11:00
Samuel Georges
b1fa45ee3a
Combine common CSRF logic to a trait
2019-11-02 15:15:18 +11:00
Samuel Georges
49d68f0671
Cookies are no longer serialized
...
Based on update to library 09e859a13e we no longer serialize cookies, so the decrypter no longer needs to apply a serialization layer
2019-11-02 14:52:00 +11:00
Luke Towers
959b85f56c
Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
...
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Luke Towers
457466c5af
Fix typehint
2019-10-29 16:33:49 -06:00
Luke Towers
eb4648972f
Ensure that the XSRF cookie can always be added to the response, no matter the source of the response
2019-10-28 13:33:07 -06:00
Luke Towers
096ccf875d
Implement suggestions from @bennothommo
2019-10-28 12:58:07 -06:00
Samuel Georges
f542ca8e90
Implement XSRF checking for AJAX handlers
...
Refs #4699
Refs #4701
2019-10-24 20:19:20 +11:00
Alwin Drenth
b2dcd3c9fd
Update Dutch (NL_nl) translation (#4676)
...
Credit to @adrenth
2019-10-09 13:08:31 +03:00
gaabora
773f266373
Allow for URL parameter to be zero (#4657)
...
The `empty()` check previously disallowed string zeroes from being used.
Credit to @gaabora.
2019-10-08 09:04:52 +08:00
Luke Towers
d31006ae1a
Return 403 response on CSRF fail instead of silently failing
...
Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes
2019-10-06 23:21:08 -06:00
Samuel Georges
c23d671f91
New templates must have a unique widget alias
2019-09-30 20:17:02 +10:00
罗光盛
c19ccb4f60
Update zh-cn backend translations (#4635)
...
Credit to @everyx.
2019-09-26 12:38:22 +08:00
Vojta Svoboda
bafd057f8c
Optimize theme recognition (#3220)
...
Credit to @vojtasvoboda. Will avoid asking the database for the currently active theme if there is only one theme present and its code matches the code set in cms.activeTheme
2019-09-25 12:26:54 -06:00
Samuell
33d149fe1a
Replace caching of Theme config with generic YAML caching (#4526)
...
Credit to @Samuell1. Fixes issues related to complexity of the existing approach / cache invalidation by just using the caching built in to YAML::parseFile().
2019-09-25 11:36:35 -06:00
Dan Harrin
7b8fecaa51
Replace use of parseJSON with JSON.parse (#4517)
...
Credit to @DanHarrin
2019-09-14 06:25:18 -06:00
Samuel Georges
3212fc5b35
Merge pull request #4503 from ghost/role-form
...
Add role-form to all forms
2019-09-10 17:55:40 +10:00
Ben Thomson
0240c21af6
Fail CSRF token checks if the session expires. (#4598)
...
Fixes #4595. Credit to @bennothommo
2019-09-04 21:33:10 -06:00
Ben Thomson
5723cd4b2a
Match save method signature in Theme Export/Import
2019-09-05 10:58:22 +08:00
Ayumi Hamasaki
6942e38615
Remove the IE5 - IE7 Holly Hack support (#4594)
...
Credit to @ayumihamsaki
2019-09-04 09:32:29 -06:00
Dan Harrin
9521dd795c
Minor Formatting Corrections in Usage Comments (#4541)
...
Credit to @DanHarrin
2019-08-15 09:14:54 -06:00
Dan Harrin
188c565d69
Hide active theme's Delete button (#4528)
...
Credit to @DanHarrin.
2019-08-15 11:42:25 +08:00
Dan Harrin
4434808549
Remove theme data on theme deletion (#4529)
...
Credit to @DanHarrin. Fixes #1292.
2019-08-15 11:41:03 +08:00
Dan Harrin
967fd02d8c
Fix minor spelling errors and inconsistencies (#4543)
...
Credit to @DanHarrin.
2019-08-15 11:39:26 +08:00
Dan Harrin
67c9decb20
Standardise use of [] vs array() (#4548)
...
Credit to @DanHarrin
2019-08-14 20:46:36 -06:00
RickAcb
0383af6282
Update __isset function to comply with the same checks as __get (#4514)
...
Credit to @RickAcb.
2019-08-04 19:56:15 +08:00
Ayumi Hamasaki
432dd5d91a
Add role-form to all forms
2019-07-31 15:46:20 +01:00
Luke Towers
99777f5977
Fix issue with AJAX framework load order on the frontend.
...
Partially reverts f4e50ddd1a in response to https://github.com/octobercms/october/pull/4285#issuecomment-513566437. Functionality can be re-added at a later date under an optional parameter added to the {% framework %} tag. Replaces https://github.com/octobercms/october/pull/4469
2019-07-29 16:30:14 -06:00
Anurat Chapanond
02ba765a9e
Added Thai translation (#4472)
...
Credit to @anurat.
2019-07-26 14:52:52 -06:00