Replaces #4965. Rolls back #4895. Fixes#4964. Partially fixes#4819.
The previous attempts to add a stylised "focus" ring, while with the best intentions, did not take into account how "outline" normally works for people using visual aids. Most high contrast software will effect the outline if its available (ie. make it bolder or more prevalant), thus the "outline" property is paramount to maintaining accessibility.
The previous changes also present issues with elements using box-shadows already, and again, on high contrast, box-shadows are no longer rendered.
This change will bring back the outline property for focus, but with an addition to allow a blue highlight for Firefox, would should keep it in "parity" with WebKit.
Refs:
- https://a11yproject.com/posts/never-remove-css-outlines/
- http://www.outlinenone.com
- https://stackoverflow.com/questions/52589391/css-box-shadow-vs-outline
The search input in filters used a local data request to filter options. While this worked fine for most cases, it failed inside modal relations as the relation keys were not being pushed through due to the request not being linked to the relation modal.
This refactors the request to run through the relation modal, emulating the functionality of "data-track-input" to debounce text entry.
Fixes https://github.com/octobercms/october/issues/4775
This fixes#4082 & rainlab/pages-plugin#405. Reverts a previous breaking change from Build 444 (introduced in #3536) by limiting the scope to which it applies.
Cleans up docblocks and makes most helper methods more permissive of incorrectly cased plugin identifiers. Replaces #4838 & #4837. Credit to @mjuavin for the case insensitivity fixes.
This allows the `theme:sync` command to properly sync to specified targets.
Fixes#4887. Replaces #4935. Credit to @bennothommo for the initial implementation.
This PR is an addition to https://github.com/octobercms/october/pull/4193
Re-using the pivotWidget's and manageWidget's models for saving form data fixes https://github.com/rainlab/translate-plugin/issues/209, where translations are not saved for the model when editing it in a relation widget.
I did some manual testing with this change and everything was working as expected: Translations are now properly saved when creating or editing related models with pivot data. Creating related models in `single` mode now works as well.
Credits to @alxy for his previous work on this issue!
Brings mail layouts more in line with the rest of the mail template pieces by loading from the relevant view files when the layout doesn't exist in the database.
Fixes#3595. Replaces #4736. Credit to @SebastiaanKloos for the initial solution.
Also fixes a longstanding issue where dynamically added fields were not considered when refreshing dependant fields.
* add readonly and disabled support to colorpicker
* add support for attributes in colorpicker widget
* Hide default options is disabled and readonly state. Modify styling to be more inline with spectrum disabled state
When uploading file through "CMS"->"Files"->"Add" -> "Upload file(s)", uploaded file doesn't have set file permissions according to "cms.defaultMask.file" from Config.
This patch fixes it so "defaultMask" can be different from umask and file has correctly set its permissions (usefull when required permissions are other than "644") as well as it has files/directories directly created in CMS section.
- Adds quotes around all strings inserted into config files, preventing them from being interpreted as constants.
- Changed all private methods in OctoberEnv.php to protected.
- Updated test to check some config files for expected changes.
This change allows for easy customisation of the relation manager titles and toolbar buttons.
For buttons - define your custom strings directly in the standard `toolbarButtons` syntax...
```
toolbarButtons:
create: acme.blog::lang.subcategory.CreateButtonText
delete: # omit the string to fall back to the default button text
```
...and the old syntax still works...
```
toolbarButtons: create|delete
```
For titles - define different strings for each mode (form, list or pivot)...
```
title:
form: acme.blog::lang.subcategory.FormTitle
list: acme.blog::lang.subcategory.ListTitle
```
This feature provides developer convenience, for example in this situation where I have a relation manager that is used to assign user permissions to a project:
Before
After
This PR contains no breaking changes.
This fix will apply quotes around string environment variables which contain either a single, or double, quote as well as any variables with a hash symbol - escaping any double-quotes encountered. When artisan october:env is run, this should correctly transfer all configuration values from the config files to the .env file.
Fixes#4979.
getLoadValue() was previously using the find method for getting the selected model on load when not using the Record Finder in relation mode.
This means it was searching by the primary key, regardless of whether the keyFrom setting on the Record Finder widget was changed. This has the effect of the keyFrom setting being correctly used to determine the value of the record finder field when a model is selected, but the widget being unable to find the model when it refreshes or reloads.
This change instead searches for the field's value in the column specified for the keyFrom setting, allowing us to use a different identifying column for loading the selected record.
This change removes the default postback handler for the datatable
widget (onSave) and instead relies on the closest form's request
handler. While `onSave` was a safe default, it did not take into account
the relation widget using other handlers.
The table widget will use an explicitly specified handler first, then it
will try and use the form's request handler, before using `onSave` as a
fallback, although this should really never occur.
Fixes#4776.
Don't bother retrieving the translated URL at construction time, it will be run through the translator during the validation process so there's no need to always hit the translator on every single Page model being loaded.
These can be added back in post-Laravel 6 era (> PHP 7.2)
Also removed the defaults since they are no longer needed, supplied by the new objects
Refs #4929
Can be one of three values:
- "default": Shows all repeater items expanded on load.
- "collapsed": Shows all repeater items collapsed on load.
- "accordion": Shows only the first repeater item expanded on load. When another item is clicked, all other open items are collapsed.
Implements #4801. Refs: https://github.com/rainlab/builder-plugin/issues/165, #2631
L5.6 introduced Bootstrap 4 validation. While it is likely our pagination is all custom and is using the Storm UI, just to be safe, we'll make sure pagination is using Bootstrap 3 classes in all circumstances to retain current functionality.
This should have no effect on simple pagination, which is overriden with our custom template on the next line.
This no longer hinges on app.debug because it creates confusion for devops engineers. This is based on three independent reports coming from app environments that use a reverse proxy. The engineer will follow the proper security instructions by disabling debug mode, which in turn creates an infinite redirect loop when opening the back-end area, only to leave them scratching their heads
Ultimately it is the web server configuration's job to handle the enforcement of HTTPS, the app no longer enforces it as a strong opinion, but we still keep the setting available as a convenient security check for standard environments that do not use a reverse proxy
The upgrade to the latest Dropzone.js brought in a new `timeout` configuration variable, which defaults to 30s. This removes the time limit and restores original functionality.
Fixes#4869
Tested #4867 but it broke the use of pressing TAB after entering a tag to lock it in. This seems to retain that functionality and yet still fix the issue
Replaces #4867
This is a complex issues where a "model not found" exception is getting thrown during the `pageAction` cycle, then getting suppressed by the fatal error handler:
try {
// RelationController throws error here
}
catch (Exception $ex) {
$this->controller->handleError($ex);
}
Fixes#4784
- Introduce varcharmax config item, this default eventually should be increased to 255, when MySQL 5.6 support is dropped
- Config item can be kept to retain legacy support
- Only apply to mysql driver, previously was impacting other drivers
- Source true config values, previously was sourcing hard coded "mysql" connection values
Adds an Artisan command "october:passwd" to change the password of a Backend User through CLI. This command may only be run through CLI - it will not work if called through a web handler.
Refs: #3521, #4835. Docs: 1f3bfc719e
This has been benchmarked and appears to have minimal impact on performance and solves unnecessary randomness and race conditions during the app's registration and boot cycle
Fixes#4826
This change should be revisited since it doesn't account for database-based templates which have no file path. Upon revisit, we might want to consider adding this logic in to the afterFetch() event with detection of file based mode, or even at the lower levels where the file is first extracted from the filesystem. TBA
This changes the event log to use a partial for the log message which double-encodes the data. When using formatted view in the log viewer widget, the HTML entites are allowed by decoding back a step. When in raw view, the HTML entities are kept double-encoded.
Fixes#4558.
Logic in ComponentPartial was rolled back and moved to the Controller. Since there are issues with throwing exceptions inside the component partial lookup logic (exceptions are conditionally suppressed), it seems like it would be better to bubble up the security logic to the controller level as a simple base dir security check, which is no longer concerned about any suppression logic. This looks to have logic parity with the previous solution
Refs #4652
This is one step closer to fixing the sorting issues when a scrollbar is present. It still doesn't quite fix the issue, still need to find a way to get the container dimensions to update
Refs https://github.com/rainlab/pages-plugin/issues/384
Refs 1d91c221b0
Similarly named repeater fields being used in viewBag variables were being assigned aliases which succeeded the `strpos` check on line 407. This will more clearly look for a child repeater form and index.
Fixes#4808
Adds a dismissable message to the CMS object code editor indicating that the PHP code section of a CMS object cannot be edited when `cms.enableSafeMode` is `true` (or when debugging is disabled if `null`).
Credit to @mjauvin.
This occurs due to a race condition in the rendering where the scrollbars enable and disable over and over because of a slow height calculation. Giving any height number appears to close the loop by never letting the height resolve to 0
Refs #4632
If the DataTable widget is loaded in a Popup, the .focus() call does not
seem to focus the target element correctly, which leads to the problem,
that the updateCellFromFocusedItem method fails to find the focused
item.
This commit passes the target item along since it is already known.
* Support additional file name and path characters in media manager
When working with abstract file names that may contain additional characters, such as quotes or ampersands, the media manager would throw an error. This PR adds two additional characters to the character whitelist.
* Add unicode filename to tests
When the value is null [id >= ''] an error is thrown, not being an integer, while [id >= null] will return nil results, curiously. Here we emulate infinity by using a large-ish number instead of null. In future if this becomes a problem we may need to resort to multiple condition definitions as a more verbose solution, for example:
- For when both are set (conditions: id >= ':min' and id <= ':max')
- For when min is set (conditionsMin: id >= ':min')
- For when max is set (conditionsMax: id >= ':max')
When ordering is applied externally, ie. by a relation config, the orderBy call in the List widget simply adds an additional field to the ordering clauses, which prevents lists in these scenarios from being re-ordered correctly. This changes the order clause so that the ordering is reset and only the specified column is ordered when the user sorts a column.
Developers can continue to use the `extendQuery` event to do specialised custom ordering if required.
Fixes#4439.
If including the asset extension is important, this can be done by listening to the `system.assets.beforeAddAsset(&$type, &$path, &$attributes)` event introduced in Build 460.
- Allow minimum or maximum to be unspecified, meaning you want everything up to maximum, or everything above minimum.
- Allow for zero values to work
- Tweak display of infinite values
Fixes#3982.
Still need to resolve an issue where if the slave filter has values set when the master filter updates, thus triggering a change of the available options to the slave, the original values are still set on the slave but not actually visible in the popup as options because they're no longer valid options. To fix this we'll need the ability to get the browser to refresh the slave filter's selected values (count icon basically since it already forces the options popup to refresh) when its masters update; while at the same rechecking the slave's scope values set on the server to ensure that they're all valid and there aren't values left over from the previous request that are no longer valid but are still being applied to the query.
Reverts f73d8e6d49. While there are other ways to achieve some of the same end results, this code existed in the code base for 8 months without issues and is included in the official docs. This means that there could be devs that are depending on this behavior. Additionally, while this may make the internal logic to the BackendController class more complex, it simplifies the developer experience by bringing the Backend\Classes\Controller base class more in line with the standard Laravel controller class.
This was a contentious change is generally a bad idea to blanket all requests with a dependant cookie. We will try something else.
Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
runInternal has been removed because we do not want to blanket our response logic over every single response, only the happy path. This is because it is impossible to remove. So it is better to take the inverted approach, where if you want the CMS' headers in your custom response, add them yourself. This becomes easy via the new makeResponse() method
For some reason it was decided to allow October controllers to support Laravel middleware, this has been reverted because it is a convoluted solution that doesn't respect the original architecture. There are other ways to handle middleware requirements
The original use case appeared to be to simply allow backend controllers to inject headers. This is something easily solvable whilst keeping the simple and original workflow
Credit to @bennothommo. Added `clear-full`, `clear-left`, and `clear-right` CSS classes that can be used to apply clearfixes to form fields by adding them to the field's `cssClass` property
You can now specify an array of "availablePermissions" to the PermissionEditor FormWidget that it will use to further down the list of permissions that are up for managment by the current user.
Calum
Aurélien Roy
Ben Thomson
Đorđe Jocić
4NIK3T
Kallef Alexandre
Mike Robinson
Luke Towers
Ashleigh Sims
Blaž Oražem
Larry Barker
Rike-cz
Szabó Gergő
Dan Harrin
Tobias Kündig
LeMaX10
yfktn
Marc Jauvin
Romain 'Maz' BILLOIR
Samuell
fansaien
Ayumi
Klaas Poortinga
Kmarty
Web-VPF
Fl0Cri
datune
jacobdekeizer
Flynsarmy
Larry Barker
Ben Thomson
Marten
Luke Towers
Samuel Georges
Alwin Drenth
danielbidala
Adrien
Aurélien Roy
Scott Bedard
Nick Khaetsky
Dan Harrin
Philipp Lang
Robin Bonnes
Philipp Fehr
empower-josh
Jim Cottrell
Marek Erben
Tomasz Strojny
Christophe Vuagniaux
Valentijn Evers
Piotr Karecki
36864
nameewgeniy
