TPS
/
ORIENT
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,991 Commits 3 Branches 0 Tags 78 MiB
Commit Graph

192 Commits

Author SHA1 Message Date
Samuel Georges ff8f899fbe Move response common functions to ResponseMaker trait 2019-11-02 18:21:22 +11:00
Samuel Georges b1fa45ee3a Combine common CSRF logic to a trait 2019-11-02 15:15:18 +11:00
Samuel Georges 49d68f0671 Cookies are no longer serialized 
Based on update to library 09e859a13e we no longer serialize cookies, so the decrypter no longer needs to apply a serialization layer
 2019-11-02 14:52:00 +11:00
Luke Towers 959b85f56c Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on. 
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
 2019-10-30 08:08:54 -06:00
Luke Towers 457466c5af Fix typehint 2019-10-29 16:33:49 -06:00
Luke Towers eb4648972f Ensure that the XSRF cookie can always be added to the response, no matter the source of the response 2019-10-28 13:33:07 -06:00
Luke Towers 096ccf875d Implement suggestions from @bennothommo 2019-10-28 12:58:07 -06:00
Samuel Georges f542ca8e90 Implement XSRF checking for AJAX handlers 
Refs #4699
Refs #4701
 2019-10-24 20:19:20 +11:00
Luke Towers d31006ae1a Return 403 response on CSRF fail instead of silently failing 
Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes
 2019-10-06 23:21:08 -06:00
Ben Thomson 0240c21af6 Fail CSRF token checks if the session expires. (#4598) 
Fixes #4595. Credit to @bennothommo
 2019-09-04 21:33:10 -06:00
Dan Harrin 9521dd795c Minor Formatting Corrections in Usage Comments (#4541) 
Credit to @DanHarrin
 2019-08-15 09:14:54 -06:00
Dan Harrin 967fd02d8c Fix minor spelling errors and inconsistencies (#4543) 
Credit to @DanHarrin.
 2019-08-15 11:39:26 +08:00
Ben Thomson a59d3b83eb Code quality clean up (#4449) 
Credit to @bennothommo
 2019-07-18 08:50:37 -06:00
Luke Towers 46c867e4b5 Improve API docs 
Resolves #4214
 2019-06-12 00:33:30 -06:00
Luke Towers 7c7ff31cd6 Return 404 when attempting to access /error directly in production 
Replaces #2212
 2019-04-19 15:29:00 -06:00
Luke Towers c86bec7f08 Replace deprecated Twig class references, refs: #4209. 2019-03-27 13:15:17 -06:00
Luke Towers 900220b079 Documented more inline events: 
cms.page.beforeDisplay
cms.page.display
cms.page.init
cms.page.beforeRenderPage
cms.page.start
cms.page.end
cms.page.postprocess
cms.page.initComponents
cms.page.render
cms.page.beforeRenderPartial
cms.page.renderPartial
cms.page.beforeRenderContent
cms.page.renderContent
 2018-10-11 20:10:28 -06:00
Alexander Shapoval 709790a05d Added method getLayout() to Controller (#3765) 
Credit to @ebashu-on-holidays
 2018-09-09 18:55:10 -06:00
Nathan van der Werf 8fd16d4db6
Merge branch 'develop' into feature/cleanup 
# Conflicts:
#	modules/backend/formwidgets/FileUpload.php
 2018-08-24 19:52:54 +02:00
Nathan van der Werf 0f0d108da0
Remove unused imports 2018-08-24 19:51:59 +02:00
Nathan van der Werf 66fa03f17e
Revert "Remove unused imports" 
This reverts commit 742a5f415b.
 2018-08-24 19:40:40 +02:00
Luke Towers 1032fd0cc1 Added more inline API event docs: 
Added docs for:
cms.component.beforeRunAjaxHandler
cms.component.runAjaxHandler

Improved docs for:
cms.ajax.beforeRunHandler
 2018-08-18 09:05:38 -06:00
Nathan van der Werf 8b6f11e6ac Extract child instructions 2018-08-15 19:25:42 +02:00
Nathan van der Werf 62c59a4903 Refactor ternary operators to null coalescing operators 2018-08-15 19:15:13 +02:00
Nathan van der Werf a3d7a028b4 Replace is_null with "=== null" comparison 2018-08-15 18:54:46 +02:00
Nathan van der Werf 77b6f07291 Modify conditions to use elvis operators 2018-08-15 18:53:11 +02:00
Nathan van der Werf 123145fd54 Remove unnecessary parentheses 2018-08-15 18:49:52 +02:00
Nathan van der Werf 02bd38cfb1 Merge if constructs 2018-08-15 18:45:37 +02:00
Nathan van der Werf 3a918ad200 Remove "null" assignments 2018-08-15 18:33:24 +02:00
Nathan van der Werf 742a5f415b Remove unused imports 2018-08-15 18:27:36 +02:00
Luke Towers 92e346296e Added cms.ajax.beforeRunHandler event 2018-04-19 10:26:50 -06:00
Arthur Kushman c78b3ef786 Code formatting changes (#3363) 
Code formatting improvements submitted by @arthurkushman.
 2018-03-22 10:55:13 -06:00
Matteo 678916854e Add config to enable Twig strict_variables (#3370) 
Adds the cms.enableTwigStrictVariables config option to enable strict_variables in Twig for debugging purposes. See https://twig.symfony.com/doc/2.x/api.html#environment-options. Credit to @matteotrubini
 2018-01-26 10:59:45 -06:00
Samuel Georges e6de2a5521 Fixes exception on empty token 2017-11-02 19:53:20 +11:00
Samuel Georges 4a6e0e1e0e Implement CSRF token by default 
Implement CSRF protection on CMS for postback handling
 2017-10-30 09:00:17 +11:00
Luke Towers 08f9cd8448 Moved the |media twig filter from the CMS module to the System module 2017-09-27 22:15:01 -06:00
Samuel Georges 96d0535d09 Add generic onAjax handler that does nothing 2017-07-29 22:55:58 +10:00
Samuel Georges 1db67af8e8 Merge remote-tracking branch 'remotes/origin/develop' into l55upgrade 
Conflicts:
	modules/system/lang/en/lang.php
 2017-07-11 10:48:54 +10:00
Max Schmitt aeba740243 Add getStatusCode() in Cms\Classes\Controller (#2959) 
Related: #2953. Provide a method to access the current statusCode of a CMS controller.
 2017-07-08 08:53:08 -06:00
Samuel Georges d1c160f9dc Check both instances to fix #1854 
It appears there is no way around this. All directories should be lower case in October, prior to this, October wanted uppercase characters. Make up your mind guy, come on! ;-)
 2017-07-01 12:26:55 +10:00
Samuel Georges 87f8f8feb1 Fixes inconsistency in component partial folder names 
This is a breaking change that will require further attention - refs #1854

Eg: myComponent, the default component partial would use lower case folders
- /plugins/acme/test/components/mycomponent/default.htm

The theme component partial override would use case sensitive folders
- /themes/foobar/partials/myComponent/default.htm

This is fixed as
- /themes/foobar/partials/mycomponent/default.htm

Minor code fix to ModelBehavior class
 2017-06-27 05:34:13 +10:00
Quezler cc17b679f1 Code dusting (#2826) 
Code cleaning according to PSR-2 w/ exemptions (mostly dust).
 2017-04-24 21:38:19 +10:00
Samuel Georges b2301a8056 Add new config cms.forceBytecodeInvalidation 
Refs #2385
 2017-01-31 07:23:58 +11:00
Samuel Georges 60c322cf46 Add note from #2620 2017-01-21 11:30:19 +11:00
Luke Towers 8fcc80b9e1 Support nested components 
This adds proper support for nested components by saving the value of the existing component context and restoring it after rendering the desired component. Fixes octobercms/october#2619
 2017-01-20 14:34:48 -06:00
Samuel Georges 0a2b343047 Simplify system events 
This pipes all event calls through a new EventEmitter trait, which substitutes the October Rain event emitter trait. The view event has been moved to this trait also.
Pass some variables by reference to allow multi-extension.
Fixes #2420
 2016-12-10 09:02:06 +11:00
Samuel Georges 1bdedb5584 Add renderPartial event to match renderContent 
Fixes #2519
Fixes #2533
 2016-12-09 08:15:32 +11:00
Samuel Georges 10326c2d63 Framework supports passing a "flash" option 
This will request the Flash contents, if they are available. It also clears the flash bag contents, which is why this is an optional feature.
Introduced "ajaxValidation" event for capturing all invalid fields at once
 2016-11-18 07:39:54 +11:00
Samuel Georges c8d8d4e931 Introduce new Cms helper 
This is modeled after the Backend helper. Primarily used to generate URLs for the frontend, these are piped through the CmsController action. It would also be a good place to add a hook, if necessary later.
 2016-08-20 14:43:49 +10:00
Samuel Georges 3698f13acb URL -> Url 2016-08-20 14:26:21 +10:00