Security

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.

Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.

An implementation of the factory method, allows you to create an instance of a class

This method first for strong class overloads (singletons & DB interaction), then custom class overloads. If an overload is found, an instance of this is returned rather than the original class. To overload a class, use Object::useCustomClass()

This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create('SiteTree'); $list = SiteTree::get();

Creates a class instance by the "singleton" design pattern.

It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

Create an object from a string representation. It treats it as a PHP constructor without the 'new' keyword. It also manages to construct the object without the use of eval().

Construction itself is done with Object::create(), so that Object::useCustomClass() calls are respected.

Object::create_from_string("Versioned('Stage','Live')") will return the result of Versioned::create('Stage', 'Live);

It is designed for simple, clonable objects. The first time this method is called for a given string it is cached, and clones of that object are returned.

If you pass the $firstArg argument, this will be prepended to the constructor arguments. It's impossible to pass null as the firstArg argument.

Object::create_from_string("Varchar(50)", "MyField") will return the result of Vachar::create('MyField', '50');

Arguments are always strings, although this is a quirk of the current implementation rather than something that can be relied upon.

Parses a class-spec, such as "Versioned('Stage','Live')", as passed to create_from_string().

Returns a 2-elemnent array, with classname and arguments

Similar to Object::create(), except that classes are only overloaded if you set the $strong parameter to TRUE when using Object::useCustomClass()

This class allows you to overload classes with other classes when they are constructed using the factory method Object::create()

If a class has been overloaded, get the class name it has been overloaded with - otherwise return the class name

Get the value of a static property of a class, even in that property is declared protected (but not private), without any inheritance, merging or parent lookup if it doesn't exist on the given class.

No description

No description

No description

No description

No description

No description

Return TRUE if a class has a specified extension.

This supports backwards-compatible format (static Object::has_extension($requiredExtension)) and new format ($object->has_extension($class, $requiredExtension))

Add an extension to a specific class.

The preferred method for adding extensions is through YAML config, since it avoids autoloading the class, and is easier to override in more specific configurations.

As an alternative, extensions can be added to a specific class directly in the Object::$extensions array. See SiteTree::$extensions for examples. Keep in mind that the extension will only be applied to new instances, not existing ones (including all instances created through singleton()).

Remove an extension from a class.

Keep in mind that this won't revert any datamodel additions of the extension at runtime, unless its used before the schema building kicks in (in your _config.php). Doesn't remove the extension from any Object instances which are already created, but will have an effect on new extensions. Clears any previously created singletons through singleton() to avoid side-effects from stale extension information.

Add support for removing extensions with parameters

No description

No description

No description

Attemps to locate and call a method dynamically added to a class at runtime if a default cannot be located

You can add extra methods to a class using Extensions}, {@link Object::createMethod() or Object::addWrapperMethod()

Return TRUE if a method exists on this object

This should be used rather than PHP's inbuild method_exists() as it takes into account methods added via extensions

Return the names of all the methods available on this object

Add methods from the ViewableData::$failover object, as well as wrapping any methods prefixed with an underscore into a ViewableData::cachedCall().

No description

Add all the methods from an object property (which is an Extension) to this object.

Add all the methods from an object property (which is an Extension) to this object.

Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)

Add an extra method using raw PHP code passed as a string

No description

No description

No description

Return true if this object "exists" i.e. has a sensible value

This method should be overriden in subclasses to provide more context about the classes state. For example, a DataObject class could return false when it is deleted from the database

No description

Check if this class is an instance of a specific class, or has that class as one of its parents

No description

Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array

integrate inheritance rules

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

Currently returns an array, with an index resulting every time the function is called. Only adds returns if they're not NULL, to avoid bogus results from methods just defined on the parent extension. This is important for permission-checks through extend, as they use min() to determine if any of the returns is FALSE. As min() doesn't do type checking, an included NULL return would fail the permission checks.

The extension methods are defined during __construct()} in {@link defineMethods().

Get an extension instance attached to this object by name.

Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.

Caution: Don't use singleton()->hasExtension() as it will give you inconsistent results based on when the singleton was first accessed.

Get all extension instances for this specific object instance.

See get_extensions() to get all applied extension classes for this class (not the instance).

Cache the results of an instance method in this object to a file, or if it is already cache return the cached results

Clears the cache for the given cacheToFile call

Loads a cache from the filesystem if a valid on is present and within the specified lifetime

Save a piece of cached data to the file system

Strip a file name of special characters so it is suitable for use as a cache file name

Converts a field spec into an object creator. For example: "Int" becomes "new Int($fieldName);" and "Varchar(50)" becomes "new Varchar($fieldName, 50);".

Convert a field schema (e.g. "Varchar(50)") into a casting object creator array that contains both a className and castingHelper constructor code. See castingObjectCreator for more information about the constructor.

Check if a field exists on this object or its failover.

Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using ViewableData::getField(), then fall back on a failover object.

Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the ViewableData::setField() method.

Set a failover object to attempt to get data from if it is not present on this object.

Get the current failover object if set

Check if a field exists on this object. This should be overloaded in child classes.

Get the value of a field on this object. This should be overloaded in child classes.

Set a field on this object. This should be overloaded in child classes.

Method to facilitate deprecation of underscore-prefixed methods automatically being cached.

Merge some arbitrary data in with this object. This method returns a ViewableData_Customised instance with references to both this and the new custom data.

Note that any fields you specify will take precedence over the fields on this object.

No description

No description

Get the class a field on this object would be casted to, as well as the casting helper for casting a field to an object (see ViewableData::castingHelper() for information on casting helpers).

The returned array contains two keys:

• className: the class the field would be casted to (e.g. "Varchar")
• castingHelper: the casting helper for casting the field (e.g. "return new Varchar($fieldName)")

Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object.

Get the class name a field on this object will be casted to

Return the string-format type for the given field.

Save the casting cache for this object (including data from any failovers) into a variable

Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:

• a template name (e.g. Page)
• an array of possible template names - the first valid one will be used
• an SSViewer instance

Generate the cache name for a field

Get a cached value from the field cache

Store a value in the field cache

Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.

A simple wrapper around ViewableData::obj() that automatically caches the result so it can be used again without re-running the method.

Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.

Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.

Return the value of the field without any escaping being applied.

Return the value of a field in an SQL-safe format.

Return the value of a field in a JavaScript-save format.

Return the value of a field escaped suitable to be inserted into an XML node attribute.

Get an array of XML-escaped values by field name

Return a single-item iterator so you can iterate over the fields of a single record.

This is useful so you can use a single record inside a <% control %> block in a template - and then use to access individual fields on this object.

When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.

Return the directory if the current active theme (relative to the site root).

This method is useful for things such as accessing theme images from your template without hardcoding the theme page - e.g. .

This method should only be used when a theme is currently active. However, it will fall over to the current project directory.

Get part of the current classes ancestry to be used as a CSS class.

This method returns an escaped string of CSS classes representing the current classes ancestry until it hits a stop point - e.g. "Page DataObject ViewableData".

Return debug information about this object that can be rendered into a template

Set the DataModel for this request.

Executes this controller, and return an SS_HTTPResponse object with the result.

This method first does a few set-up activities:

• Push this controller ont to the controller stack - see Controller::curr() for information about this.
• Call init()
• Defer to RequestHandler->handleRequest() to determine which action should be executed

Note: $requestParams['executeForm'] support was removed, make the following change in your URLs: "/?executeForm=FooBar" -> "/FooBar" Also make sure "FooBar" is in the $allowed_actions of your controller class.

Note: You should rarely need to overload run() - this kind of change is only really appropriate for things like nested controllers - ModelAsController} and {@link RootURLController are two examples here. If you want to make more orthodox functionality, it's better to overload init()} or {@link index().

Important: If you are going to overload handleRequest, make sure that you start the method with $this->pushCurrent() and end the method with $this->popCurrent(). Failure to do this will create weird session errors.

No description

Controller's default action handler. It will call the method named in $Action, if that method exists.

If $Action isn't given, it will use "index" as a default.

Get a array of allowed actions defined on this controller, any parent classes or extensions.

Caution: Since 3.1, allowed_actions definitions only apply to methods on the controller they're defined on, so it is recommended to use the $class argument when invoking this method.

Checks if this request handler has a specific action, even if the current user cannot access it.

Includes class ancestry and extensions in the checks.

Return the class that defines the given action, so that we know where to check allowed_actions.

Overrides RequestHandler to also look at defined templates

Check that the given action is allowed to be called from a URL.

It will interrogate self::$allowed_actions to determine this.

Throws a HTTP error response encased in a SS_HTTPResponse_Exception, which is later caught in RequestHandler::handleAction() and returned to the user.

Returns the SS_HTTPRequest object that this controller is using.

Returns a placeholder NullHTTPRequest object unless handleAction()} or {@link handleRequest() have been called, which adds a reference to an actual SS_HTTPRequest object.

Typically the request is set through handleAction() or handleRequest(), but in some based we want to set it manually.

Get a link to a security action

Initialisation function that is run before any action on the controller is called.

No description

No description

Returns the SS_HTTPResponse object that this controller is building up.

Can be used to set the status code and headers

Sets the SS_HTTPResponse object that this controller is building up.

Return the object that is going to own a form that's being processed, and handle its execution.

Note that the result needn't be an actual controller object.

This is the default action handler used if a method doesn't exist.

It will process the controller object with the template returned by getViewer()

Returns the action that is being executed on this controller.

Return an SSViewer object to process the data

Removes all the "action" part of the current URL and returns the result.

If no action parameter is present, returns the full URL

Returns TRUE if this controller has a template that is specifically designed to handle a specific action.

Render the current controller with the templates determined by getViewer().

Call this to disable site-wide basic authentication for a specific contoller.

This must be called before Controller::init(). That is, you must call it in your controller's init method before it calls parent::init().

Returns the current controller

Tests whether we have a currently active controller or not

Returns true if the member is allowed to do the given action.

Pushes this controller onto the stack of current controllers.

This means that any redirection, session setting, or other things that rely on Controller::curr() will now write to this controller object.

Pop this controller off the top of the stack.

Redirect to the given URL.

Redirect back. Uses either the HTTP_REFERER or a manually set request-variable called "BackURL".

This variable is needed in scenarios where not HTTP-Referer is sent ( e.g when calling a page by location.href in IE). If none of the two variables is available, it will redirect to the base URL (see Director::baseURL()).

Tests whether a redirection has been requested.

Get the Session object representing this Controller's session

Set the Session object.

Joins two or more link segments together, putting a slash between them if necessary.

Use this for building the results of Link() methods. If either of the links have query strings, then they will be combined and put at the end of the resulting url.

Caution: All parameters are expected to be URI-encoded already.

Defines global accessible templates variables.

Get location of word list file

Set location of word list file

Set the default message set used in permissions failures.

Register that we've had a permission failure trying to view the given page

This will redirect to a login page. If you don't provide a messageSet, a default will be used.

No description

Get the selected authenticator for this request

Get the login form to process according to the submitted data

Get the login forms for all available authentication methods

Check how to activate/deactivate authentication methods

This action is available as a keep alive, so user sessions don't timeout. A common use is in the admin.

Log the currently logged in user out

Perform pre-login checking and prepare a response if available prior to login

Prepare the controller for handling the response to this request

Determine the list of templates to use for rendering the given action

Combine the given forms into a formset with a tabbed interface

Get the HTML Content for the $Content area during login

Show the "login" page

For multiple authenticators, Security_MultiAuthenticatorLogin is used. See getTemplatesFor and getIncludeTemplate for how to override template logic

No description

Show the "lost password" page

Factory method for the lost password form

Show the "password sent" page, after a user has requested to reset their password.

Create a link to the password reset form.

GET parameters used:

• m: member ID
• t: plaintext token

Show the "change password" page.

This page can either be called directly by logged-in users (in which case they need to provide their old password), or through a link emailed through lostpassword(). In this case no old password is required, authentication is ensured through the Member.AutoLoginHash property.

Factory method for the lost password form

Gets the template for an include used for security.

For use in any subclass.

Return an existing member with administrator privileges, or create one of necessary.

Will create a default 'Administrators' group if no group is found with an ADMIN permission. Will create a new 'Admin' member with administrative permissions if no existing Member with these permissions is found.

Important: Any newly created administrator accounts will NOT have valid login credentials (Email/Password properties), which means they can't be used for login purposes outside of any default credentials set through Security::setDefaultAdmin().

Flush the default admin credentials

Set a default admin in dev-mode

This will set a static default-admin which is not existing as a database-record. By this workaround we can test pages in dev-mode with a unified login. Submitted login-credentials are first checked against this static information in Security::authenticate().

Checks if the passed credentials are matching the default-admin.

Compares cleartext-password set through Security::setDefaultAdmin().

Check that the default admin account has been set.

Get default admin username

Get default admin password

Set strict path checking

This prevents sharing of the session across several sites in the domain.

Get strict path checking

Set the password encryption algorithm

No description

Encrypt a password according to the current password encryption settings.

If the settings are so that passwords shouldn't be encrypted, the result is simple the clear text password with an empty salt except when a custom algorithm ($algorithm parameter) was passed.

Checks the database is in a state to perform security checks.

See DatabaseAdmin->init() for more information.

Enable or disable recording of login attempts through the LoginRecord object.

No description

No description

Get the default login dest.

Set to true to ignore access to disallowed actions, rather than returning permission failure Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()

No description

Set a custom log-in URL if you have built your own log-in page.

Get the URL of the log-in page.

To update the login url use the "Security.login_url" config setting.

Get the URL of the logout page.

To update the logout url use the "Security.logout_url" config setting.

Get the URL of the logout page.

To update the logout url use the "Security.logout_url" config setting.