Merge remote-tracking branch 'security/3.5.4' into 3.6.0

silverstripe · May 29, 2017 · a32988f · a32988f
2 parents 9da75ef + 6475ac9
commit a32988f
Show file tree

Hide file tree

Showing 7 changed files with 96 additions and 65 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -8,7 +8,7 @@ root = true
 charset = utf-8
 end_of_line = lf
 indent_size = 4
-indent_style = tab
+indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true
 

diff --git a/index.php b/index.php
@@ -15,34 +15,36 @@
  */
 
 // This is the URL of the script that everything must be viewed with.
-define('BASE_SCRIPT_URL','index.php/');
+define('BASE_SCRIPT_URL', 'index.php/');
 
 $ruLen = strlen($_SERVER['REQUEST_URI']);
 $snLen = strlen($_SERVER['SCRIPT_NAME']);
 
 $isIIS = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false);
 
 // IIS will populate server variables using one of these two ways
-if($isIIS) {
-	if($_SERVER['REQUEST_URI'] == $_SERVER['SCRIPT_NAME']) {
-		$url = "";
-	} else if($ruLen > $snLen && substr($_SERVER['REQUEST_URI'],0,$snLen+1) == ($_SERVER['SCRIPT_NAME'] . '/')) {
-		$url = substr($_SERVER['REQUEST_URI'],$snLen+1);
-		$url = strtok($url, '?');
-	} else {
-		$url = $_SERVER['REQUEST_URI'];
-		if($url[0] == '/') $url = substr($url,1);
-		$url = strtok($url, '?');
-	}
+if ($isIIS) {
+    if ($_SERVER['REQUEST_URI'] == $_SERVER['SCRIPT_NAME']) {
+        $url = "";
+    } elseif ($ruLen > $snLen && substr($_SERVER['REQUEST_URI'], 0, $snLen + 1) == ($_SERVER['SCRIPT_NAME'] . '/')) {
+        $url = substr($_SERVER['REQUEST_URI'], $snLen+1);
+        $url = strtok($url, '?');
+    } else {
+        $url = $_SERVER['REQUEST_URI'];
+        if ($url[0] == '/') {
+            $url = substr($url, 1);
+        }
+        $url = strtok($url, '?');
+    }
 
 // Apache will populate the server variables this way
 } else {
-	if($ruLen > $snLen && substr($_SERVER['REQUEST_URI'],0,$snLen+1) == ($_SERVER['SCRIPT_NAME'] . '/')) {
-		$url = substr($_SERVER['REQUEST_URI'],$snLen+1);
-		$url = strtok($url, '?');
-	} else {
-		$url = "";
-	}
+    if ($ruLen > $snLen && substr($_SERVER['REQUEST_URI'], 0, $snLen+1) == ($_SERVER['SCRIPT_NAME'] . '/')) {
+        $url = substr($_SERVER['REQUEST_URI'], $snLen+1);
+        $url = strtok($url, '?');
+    } else {
+        $url = "";
+    }
 }
 
 $_GET['url'] = $_REQUEST['url'] = $url;
@@ -53,14 +55,14 @@
  * This code is a very simple wrapper for sending files
  * Very quickly pass through references to files
  */
-if($url && file_exists($fileName)) {
-	$fileURL = (dirname($_SERVER['SCRIPT_NAME'])=='/'?'':dirname($_SERVER['SCRIPT_NAME'])) . '/' . $url;
-	if(isset($_SERVER['QUERY_STRING'])) {
-		$fileURL .= '?' . $_SERVER['QUERY_STRING'];
-	}
-	header($_SERVER['SERVER_PROTOCOL'] . ' 301 Moved Permanently');
-	header("Location: $fileURL");
-	die();
+if ($url && file_exists($fileName)) {
+    $fileURL = (dirname($_SERVER['SCRIPT_NAME'])=='/'?'':dirname($_SERVER['SCRIPT_NAME'])) . '/' . $url;
+    if (isset($_SERVER['QUERY_STRING'])) {
+        $fileURL .= '?' . $_SERVER['QUERY_STRING'];
+    }
+    header($_SERVER['SERVER_PROTOCOL'] . ' 301 Moved Permanently');
+    header("Location: $fileURL");
+    die();
 }
 
-require_once('framework/main.php');
+require_once 'framework/main.php';
diff --git a/install.php b/install.php
@@ -9,5 +9,8 @@
  ************************************************************************************
  ************************************************************************************/
 
-if (!file_exists('framework') || !file_exists('framework/_config.php')) include "install-frameworkmissing.html";
-else include('./framework/dev/install/install.php');
+if (!file_exists('framework') || !file_exists('framework/_config.php')) {
+    include 'install-frameworkmissing.html';
+} else {
+    include './framework/dev/install/install.php';
+}
diff --git a/mysite/_config.php b/mysite/_config.php
@@ -6,7 +6,7 @@
 global $database;
 $database = '';
 
-require_once('conf/ConfigureFromEnv.php');
+require_once 'conf/ConfigureFromEnv.php';
 
 // Set the site locale
-i18n::set_locale('en_US');
+i18n::set_locale('en_US');
diff --git a/mysite/code/Page.php b/mysite/code/Page.php
@@ -1,37 +1,10 @@
 <?php
-class Page extends SiteTree {
 
-	private static $db = array(
-	);
-
-	private static $has_one = array(
-	);
-
-}
-class Page_Controller extends ContentController {
-
-	/**
-	 * An array of actions that can be accessed via a request. Each array element should be an action name, and the
-	 * permissions or conditions required to allow the user to access it.
-	 *
-	 * <code>
-	 * array (
-	 *     'action', // anyone can access this action
-	 *     'action' => true, // same as above
-	 *     'action' => 'ADMIN', // you must have ADMIN permissions to access this action
-	 *     'action' => '->checkAction' // you can only access this action if $this->checkAction() returns true
-	 * );
-	 * </code>
-	 *
-	 * @var array
-	 */
-	private static $allowed_actions = array (
-	);
-
-	public function init() {
-		parent::init();
-		// You can include any CSS or JS required by your project here.
-		// See: http://doc.silverstripe.org/framework/en/reference/requirements
-	}
+class Page extends SiteTree
+{
+    private static $db = array(
+    );
 
+    private static $has_one = array(
+    );
 }
diff --git a/mysite/code/Page_Controller.php b/mysite/code/Page_Controller.php
@@ -0,0 +1,29 @@
+<?php
+
+class Page_Controller extends ContentController
+{
+    /**
+     * An array of actions that can be accessed via a request. Each array element should be an action name, and the
+     * permissions or conditions required to allow the user to access it.
+     *
+     * <code>
+     * array (
+     *     'action', // anyone can access this action
+     *     'action' => true, // same as above
+     *     'action' => 'ADMIN', // you must have ADMIN permissions to access this action
+     *     'action' => '->checkAction' // you can only access this action if $this->checkAction() returns true
+     * );
+     * </code>
+     *
+     * @var array
+     */
+    private static $allowed_actions = array(
+    );
+
+    public function init()
+    {
+        parent::init();
+        // You can include any CSS or JS required by your project here.
+        // See: http://doc.silverstripe.org/framework/en/reference/requirements
+    }
+}
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<ruleset name="SS3">
+    <description>Coding standard for SilverStripe 3.x</description>
+
+    <!-- Don't sniff third party libraries -->
+    <exclude-pattern>*/vendor/*</exclude-pattern>
+    <exclude-pattern>*/thirdparty/*</exclude-pattern>
+
+    <!-- Show progress and output sniff names on violation, and add colours -->
+    <arg value="sp"/>
+    <arg name="colors"/>
+
+    <!-- Use PSR-2 as a base standard -->
+    <rule ref="PSR2">
+        <!-- Allow classes to not declare a namespace -->
+        <exclude name="PSR1.Classes.ClassDeclaration.MissingNamespace"/>
+
+        <!-- Allow underscores in class names -->
+        <exclude name="Squiz.Classes.ValidClassName.NotCamelCaps"/>
+
+        <!-- Allow non camel cased method names -->
+        <exclude name="PSR1.Methods.CamelCapsMethodName.NotCamelCaps"/>
+    </rule>
+</ruleset>