mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge branch '3.6' into 3
This commit is contained in:
commit
21d2e5cad1
@ -300,7 +300,7 @@ abstract class ModelAdmin extends LeftAndMain {
|
||||
// Normalize models to have their model class in array key
|
||||
foreach($models as $k => $v) {
|
||||
if(is_numeric($k)) {
|
||||
$models[$v] = array('title' => singleton($v)->i18n_singular_name());
|
||||
$models[$v] = array('title' => singleton($v)->i18n_plural_name());
|
||||
unset($models[$k]);
|
||||
}
|
||||
}
|
||||
|
19
docs/en/04_Changelogs/3.4.6.md
Normal file
19
docs/en/04_Changelogs/3.4.6.md
Normal file
@ -0,0 +1,19 @@
|
||||
# 3.4.6
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
|
||||
## Change Log
|
||||
|
||||
### Security
|
||||
|
||||
* 2017-05-24 [41270fc](https://github.com/silverstripe/silverstripe-cms/commit/41270fcf9980c4be2529d2750c717675548eb617) Only allow HTTP(S) links for external redirector pages (Daniel Hensby) - See [ss-2017-003](http://www.silverstripe.org/download/security-releases/ss-2017-003)
|
||||
* 2017-05-09 [447ce0f](https://github.com/silverstripe/silverstripe-framework/commit/447ce0f84f880c2bc969a89e4be528c53caeabe0) Lock out users who dont exist in the DB (Daniel Hensby) - See [ss-2017-002](http://www.silverstripe.org/download/security-releases/ss-2017-002)
|
||||
* 2017-05-09 [61cf72c](https://github.com/silverstripe/silverstripe-cms/commit/61cf72c08dafddef416d73f943ccd45e70c5d43d) Unescaped fields in CMSPageHistroyController::compare() (Daniel Hensby) - See [ss-2017-004](http://www.silverstripe.org/download/security-releases/ss-2017-004)
|
||||
|
||||
### Bugfixes
|
||||
|
||||
* 2017-05-28 [16a74bc](https://github.com/silverstripe/silverstripe-framework/commit/16a74bc8a9fdee7cfb4f6f24493c271f90a76341) DataDifferencer needs to expliclty cast HTMLText values (Daniel Hensby)
|
||||
* 2017-05-03 [2d138b0](https://github.com/silverstripe/silverstripe-framework/commit/2d138b0ef06bd93958cc0678a0afa95560648fb9) class name reference consistency (Gregory Smirnov)
|
||||
* 2017-04-24 [1d36f35](https://github.com/silverstripe/silverstripe-framework/commit/1d36f354e8349616c7b39fcade859fbcf0f9c362) Create Image_Cached with Injector. (Gregory Smirnov)
|
||||
* 2017-02-15 [3072591](https://github.com/silverstripe/silverstripe-framework/commit/30725916dbb0ffc66b77f26c069a86581636ae55) Array to string conversion message after CSV export (#6622) (Juan van den Anker)
|
||||
* 2017-02-14 [7122e1f](https://github.com/silverstripe/silverstripe-framework/commit/7122e1fde79bdb9aad3c8714a6ce02b7ecedd735) Comments ignored by classmanifest (#6619) (Daniel Hensby)
|
28
docs/en/04_Changelogs/3.5.4.md
Normal file
28
docs/en/04_Changelogs/3.5.4.md
Normal file
@ -0,0 +1,28 @@
|
||||
# 3.5.4
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
|
||||
## Change Log
|
||||
|
||||
### Security
|
||||
|
||||
* 2017-05-24 [41270fc](https://github.com/silverstripe/silverstripe-cms/commit/41270fcf9980c4be2529d2750c717675548eb617) Only allow HTTP(S) links for external redirector pages (Daniel Hensby) - See [ss-2017-003](http://www.silverstripe.org/download/security-releases/ss-2017-003)
|
||||
* 2017-05-09 [447ce0f](https://github.com/silverstripe/silverstripe-framework/commit/447ce0f84f880c2bc969a89e4be528c53caeabe0) Lock out users who dont exist in the DB (Daniel Hensby) - See [ss-2017-002](http://www.silverstripe.org/download/security-releases/ss-2017-002)
|
||||
* 2017-05-09 [61cf72c](https://github.com/silverstripe/silverstripe-cms/commit/61cf72c08dafddef416d73f943ccd45e70c5d43d) Unescaped fields in CMSPageHistroyController::compare() (Daniel Hensby) - See [ss-2017-004](http://www.silverstripe.org/download/security-releases/ss-2017-004)
|
||||
|
||||
### Bugfixes
|
||||
|
||||
* 2017-05-28 [16a74bc](https://github.com/silverstripe/silverstripe-framework/commit/16a74bc8a9fdee7cfb4f6f24493c271f90a76341) DataDifferencer needs to expliclty cast HTMLText values (Daniel Hensby)
|
||||
* 2017-05-08 [1454072](https://github.com/silverstripe/silverstripe-cms/commit/14540729caa30dd2e782e4fd52afe518dc156ed8) Use framework 3.5 to test cms 3.5 (Sam Minnee)
|
||||
* 2017-05-03 [2d138b0](https://github.com/silverstripe/silverstripe-framework/commit/2d138b0ef06bd93958cc0678a0afa95560648fb9) class name reference consistency (Gregory Smirnov)
|
||||
* 2017-05-02 [2187c16](https://github.com/silverstripe/silverstripe-framework/commit/2187c160b936620621fe746a1ffe36af568b21ff) ing pagination api doc typo (3Dgoo)
|
||||
* 2017-04-28 [a511e35](https://github.com/silverstripe/silverstripe-framework/commit/a511e3511cace405dab7589a3406a0858cb6edf2) #6855: Mangled JS in Requirements, escaping replacement values prior to passing to preg_replace(). (Patrick Nelson)
|
||||
* 2017-04-24 [1d36f35](https://github.com/silverstripe/silverstripe-framework/commit/1d36f354e8349616c7b39fcade859fbcf0f9c362) Create Image_Cached with Injector. (Gregory Smirnov)
|
||||
* 2017-04-07 [55eb7eb](https://github.com/silverstripe/silverstripe-framework/commit/55eb7ebdcc9ba767f978dff510614bbd2e0c309d) Do not insert requirements more than once in includeInHTML (Robbie Averill)
|
||||
* 2017-04-05 [a7920b1](https://github.com/silverstripe/silverstripe-framework/commit/a7920b1f9866b6eb5f4bad9de84eef84b88673ad) regression from #6668 - ModelAdmin form widths (Loz Calver)
|
||||
* 2017-04-05 [197bc53](https://github.com/silverstripe/silverstripe-framework/commit/197bc53c4963898d2c10621ca6d6031fdb14fe85) Add transparency percent argument to Image::generatePad to ensure transparency works from ::Pad (Robbie Averill)
|
||||
* 2017-02-15 [3072591](https://github.com/silverstripe/silverstripe-framework/commit/30725916dbb0ffc66b77f26c069a86581636ae55) Array to string conversion message after CSV export (#6622) (Juan van den Anker)
|
||||
* 2017-02-14 [7122e1f](https://github.com/silverstripe/silverstripe-framework/commit/7122e1fde79bdb9aad3c8714a6ce02b7ecedd735) Comments ignored by classmanifest (#6619) (Daniel Hensby)
|
||||
* 2017-02-09 [6e2797f](https://github.com/silverstripe/silverstripe-framework/commit/6e2797ffc0e9632b60acc5a66e52aeb44f0e2b78) es for using dblib PDO driver. (Andrew O'Neil)
|
||||
* 2017-02-08 [c25c443](https://github.com/silverstripe/silverstripe-framework/commit/c25c443d95fc305fb3545b1393b7da85923dcf8b) Fix minor mysql 5.7 warning in SQLQueryTest (#6608) (Damian Mooyman)
|
||||
* 2017-01-18 [72b6fb4](https://github.com/silverstripe/silverstripe-framework/commit/72b6fb49b698bc3a51c8f6b32d2bf08213729493) bug: In addOrderBy method, _SortColumn will only keep the last one if there are more than 1 multi-word columns (Shawn)
|
43
docs/en/04_Changelogs/3.6.0.md
Normal file
43
docs/en/04_Changelogs/3.6.0.md
Normal file
@ -0,0 +1,43 @@
|
||||
# 3.6.0
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
|
||||
## Change Log
|
||||
|
||||
### API Changes
|
||||
|
||||
* 2017-03-05 [f1b99b6](https://github.com/silverstripe/silverstripe-framework/commit/f1b99b6fa78f209ac493047f3ece55f7c9231efa) Enable theming of GroupedDropdownField (Damian Mooyman)
|
||||
* 2017-01-23 [3583f1f](https://github.com/silverstripe/silverstripe-framework/commit/3583f1f79ecff159d5586feb8ea4bd940126c132) Convert::raw2json can be passed an optional bitmask of JSON constants as options (Robbie Averill)
|
||||
|
||||
### Features and Enhancements
|
||||
|
||||
* 2017-04-12 [1a65188](https://github.com/silverstripe/silverstripe-cms/commit/1a6518803b6907ccf22922bca9ff4040200623ec) Make page urls bookmarkable (Damian Mooyman)
|
||||
* 2017-04-03 [40bf945](https://github.com/silverstripe/silverstripe-framework/commit/40bf94532278d29bd58ebe161870cfe0784d8a7e) PHP 7 compatibility (Loz Calver)
|
||||
* 2017-01-13 [88f90bf](https://github.com/silverstripe/silverstripe-framework/commit/88f90bfc796755a6243dc99b780a922984065644) Merge pull request #6499 from SilbinaryWolf/feat-decoratorsetlist (Damian Mooyman)
|
||||
* 2016-12-13 [52cad6c](https://github.com/silverstripe/silverstripe-framework/commit/52cad6ce992378297fa49998d87a9de76bec8ecb) Added ImagickBackend::crop() for compatibility with GDBackend (UndefinedOffset)
|
||||
* 2016-12-05 [b4ba606](https://github.com/silverstripe/silverstripe-framework/commit/b4ba606ff2c8e77f484acc023fd324a2bcae6a8a) HTMLEditorField default alignment setting (Damian Mooyman)
|
||||
* 2016-12-02 [24dc342](https://github.com/silverstripe/silverstripe-framework/commit/24dc3428d9aa0830a1ab8a606ba67817e89a6263) HTMLEditorField default alignment setting (Jonathon Menz)
|
||||
* 2016-10-31 [776d2fb](https://github.com/silverstripe/silverstripe-framework/commit/776d2fbc66e2356fdf938fd9d4f8f01fd894dd7e) Allow setting of unlimited row counts on GridFieldPaginator (Daniel Hensby)
|
||||
|
||||
### Bugfixes
|
||||
|
||||
* 2017-05-30 [5116476](https://github.com/silverstripe/silverstripe-cms/commit/51164768751de4e2c7c931d21f5635714df7bf34) Issue where CMS SiteTree can result in infinite recursion if parent and child relation is swapped (Daniel Hensby)
|
||||
* 2017-04-26 [1ff6f3f](https://github.com/silverstripe/silverstripe-cms/commit/1ff6f3f1b047a1d27b3d60217dc262e8a1c9f54c) ing doArchive (John Milmine)
|
||||
* 2017-04-26 [000a5f7](https://github.com/silverstripe/silverstripe-cms/commit/000a5f7209065aceae14801244a08d3ed186e752) Fix page history / settings forms (Damian Mooyman)
|
||||
* 2017-04-21 [7e77753](https://github.com/silverstripe/silverstripe-cms/commit/7e77753274421c79bac85c5b0c9a35728ce3e3aa) intl test (Daniel Hensby)
|
||||
* 2017-04-07 [41eddfc](https://github.com/silverstripe/silverstripe-cms/commit/41eddfcc8efad2ef90c2f8063a32e4fd0d1656be) ing cms page history controller to use new page id param (Tim Kung)
|
||||
* 2017-04-05 [80e8967](https://github.com/silverstripe/silverstripe-cms/commit/80e89673082cd32dfb5937a4364c646792bef61c) Fix VirtualPage::init() content-modification check. (Sam Minnee)
|
||||
* 2017-04-04 [2ddb616](https://github.com/silverstripe/silverstripe-cms/commit/2ddb616829d497a464ca78e6e61a2ec07450530b) Correct case of CopyContentFrom method (Daniel Hensby)
|
||||
* 2017-04-04 [ec15c71](https://github.com/silverstripe/silverstripe-cms/commit/ec15c713420dd2ee5d5c9792af489a74db9653f6) Add __isset to VirtualPage for PHP7 support. (Daniel Hensby)
|
||||
* 2017-04-04 [ae0fe75](https://github.com/silverstripe/silverstripe-framework/commit/ae0fe75fba35918735656ea82cab2e7584b27f07) non-numeric warnings in GDBackend/ImagickBackend (Loz Calver)
|
||||
* 2017-04-04 [f101697](https://github.com/silverstripe/silverstripe-framework/commit/f101697f8ef5dac427c7c3b65c457f5c6c1ab090) File::ini2bytes() in PHP 7 (Loz Calver)
|
||||
* 2017-04-04 [e22cd4d](https://github.com/silverstripe/silverstripe-framework/commit/e22cd4db00f2afb69b7c7f6572c109e627776dbe) TabSet attempting to access undeclared property (Loz Calver)
|
||||
* 2017-04-04 [f083a06](https://github.com/silverstripe/silverstripe-framework/commit/f083a06f3f97c34079a7d37692f2968df24fe8ff) Fix ViewableData::__isset() for getXXX() getters. (Sam Minnee)
|
||||
* 2017-04-03 [e5f51b1](https://github.com/silverstripe/silverstripe-reports/commit/e5f51b14a347099ae5a67110e56179b0140e871c) Relax PHP version requirement. (Sam Minnee)
|
||||
* 2017-04-03 [454646c](https://github.com/silverstripe/silverstripe-framework/commit/454646c4dfda323a66e42ed46797fdad4a12d176) invalid closure param in ShortcodeParserTest (Loz Calver)
|
||||
* 2017-04-03 [82f62c8](https://github.com/silverstripe/silverstripe-framework/commit/82f62c818430314f3607c2ad87776740ccfccefb) illegal string offset in spyc component (Loz Calver)
|
||||
* 2017-03-23 [b3d3788](https://github.com/silverstripe/silverstripe-framework/commit/b3d37880e910ff925323ea039dff0235ad3aa3f2) many_many_extraFields breaks _SortColumn0 ordering (fixes #6730) (Loz Calver)
|
||||
* 2017-03-12 [cc749d3](https://github.com/silverstripe/silverstripe-framework/commit/cc749d3a19d36fbc44ec668aab66252333e4bcf5) Give DatetimeField its own template (which is extensible) (Robbie Averill)
|
||||
* 2016-10-26 [22ad39e](https://github.com/silverstripe/silverstripe-framework/commit/22ad39e5aea301fa932894d444191dd6ef6389af) Fix SSViewerTest in PHP7 (Sam Minnee)
|
||||
* 2015-08-28 [f224849](https://github.com/silverstripe/silverstripe-framework/commit/f224849cc6c93024ed305a6ca82df8fd08c8df80) Don’t use SplFixedArray in PHP 7. (Sam Minnee)
|
||||
* 2015-08-27 [cca7e96](https://github.com/silverstripe/silverstripe-framework/commit/cca7e9697cd8b8523d52492cd686e06995d94f91) Correct PHP4-style constructors in SimpleTest. (Sam Minnee)
|
18
docs/en/04_Changelogs/rc/3.4.6-rc1.md
Normal file
18
docs/en/04_Changelogs/rc/3.4.6-rc1.md
Normal file
@ -0,0 +1,18 @@
|
||||
# 3.4.6-rc1
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
|
||||
## Change Log
|
||||
|
||||
### Security
|
||||
|
||||
* 2017-05-24 [41270fc](https://github.com/silverstripe/silverstripe-cms/commit/41270fcf9980c4be2529d2750c717675548eb617) Only allow HTTP(S) links for external redirector pages (Daniel Hensby) - See [ss-2017-003](http://www.silverstripe.org/download/security-releases/ss-2017-003)
|
||||
* 2017-05-09 [447ce0f](https://github.com/silverstripe/silverstripe-framework/commit/447ce0f84f880c2bc969a89e4be528c53caeabe0) Lock out users who dont exist in the DB (Daniel Hensby) - See [ss-2017-002](http://www.silverstripe.org/download/security-releases/ss-2017-002)
|
||||
* 2017-05-09 [61cf72c](https://github.com/silverstripe/silverstripe-cms/commit/61cf72c08dafddef416d73f943ccd45e70c5d43d) Unescaped fields in CMSPageHistroyController::compare() (Daniel Hensby) - See [ss-2017-004](http://www.silverstripe.org/download/security-releases/ss-2017-004)
|
||||
|
||||
### Bugfixes
|
||||
|
||||
* 2017-05-03 [2d138b0](https://github.com/silverstripe/silverstripe-framework/commit/2d138b0ef06bd93958cc0678a0afa95560648fb9) class name reference consistency (Gregory Smirnov)
|
||||
* 2017-04-24 [1d36f35](https://github.com/silverstripe/silverstripe-framework/commit/1d36f354e8349616c7b39fcade859fbcf0f9c362) Create Image_Cached with Injector. (Gregory Smirnov)
|
||||
* 2017-02-15 [3072591](https://github.com/silverstripe/silverstripe-framework/commit/30725916dbb0ffc66b77f26c069a86581636ae55) Array to string conversion message after CSV export (#6622) (Juan van den Anker)
|
||||
* 2017-02-14 [7122e1f](https://github.com/silverstripe/silverstripe-framework/commit/7122e1fde79bdb9aad3c8714a6ce02b7ecedd735) Comments ignored by classmanifest (#6619) (Daniel Hensby)
|
9
docs/en/04_Changelogs/rc/3.4.6-rc2.md
Normal file
9
docs/en/04_Changelogs/rc/3.4.6-rc2.md
Normal file
@ -0,0 +1,9 @@
|
||||
# 3.4.6-rc2
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
|
||||
## Change Log
|
||||
|
||||
### Bugfixes
|
||||
|
||||
* 2017-05-28 [16a74bc](https://github.com/silverstripe/silverstripe-framework/commit/16a74bc8a9fdee7cfb4f6f24493c271f90a76341) DataDifferencer needs to expliclty cast HTMLText values (Daniel Hensby)
|
28
docs/en/04_Changelogs/rc/3.5.4-rc1.md
Normal file
28
docs/en/04_Changelogs/rc/3.5.4-rc1.md
Normal file
@ -0,0 +1,28 @@
|
||||
# 3.5.4-rc1
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
|
||||
## Change Log
|
||||
|
||||
### Security
|
||||
|
||||
* 2017-05-24 [41270fc](https://github.com/silverstripe/silverstripe-cms/commit/41270fcf9980c4be2529d2750c717675548eb617) Only allow HTTP(S) links for external redirector pages (Daniel Hensby) - See [ss-2017-003](http://www.silverstripe.org/download/security-releases/ss-2017-003)
|
||||
* 2017-05-09 [447ce0f](https://github.com/silverstripe/silverstripe-framework/commit/447ce0f84f880c2bc969a89e4be528c53caeabe0) Lock out users who dont exist in the DB (Daniel Hensby) - See [ss-2017-002](http://www.silverstripe.org/download/security-releases/ss-2017-002)
|
||||
* 2017-05-09 [61cf72c](https://github.com/silverstripe/silverstripe-cms/commit/61cf72c08dafddef416d73f943ccd45e70c5d43d) Unescaped fields in CMSPageHistroyController::compare() (Daniel Hensby) - See [ss-2017-004](http://www.silverstripe.org/download/security-releases/ss-2017-004)
|
||||
|
||||
### Bugfixes
|
||||
|
||||
* 2017-05-28 [16a74bc](https://github.com/silverstripe/silverstripe-framework/commit/16a74bc8a9fdee7cfb4f6f24493c271f90a76341) DataDifferencer needs to expliclty cast HTMLText values (Daniel Hensby)
|
||||
* 2017-05-08 [1454072](https://github.com/silverstripe/silverstripe-cms/commit/14540729caa30dd2e782e4fd52afe518dc156ed8) Use framework 3.5 to test cms 3.5 (Sam Minnee)
|
||||
* 2017-05-03 [2d138b0](https://github.com/silverstripe/silverstripe-framework/commit/2d138b0ef06bd93958cc0678a0afa95560648fb9) class name reference consistency (Gregory Smirnov)
|
||||
* 2017-05-02 [2187c16](https://github.com/silverstripe/silverstripe-framework/commit/2187c160b936620621fe746a1ffe36af568b21ff) ing pagination api doc typo (3Dgoo)
|
||||
* 2017-04-28 [a511e35](https://github.com/silverstripe/silverstripe-framework/commit/a511e3511cace405dab7589a3406a0858cb6edf2) #6855: Mangled JS in Requirements, escaping replacement values prior to passing to preg_replace(). (Patrick Nelson)
|
||||
* 2017-04-24 [1d36f35](https://github.com/silverstripe/silverstripe-framework/commit/1d36f354e8349616c7b39fcade859fbcf0f9c362) Create Image_Cached with Injector. (Gregory Smirnov)
|
||||
* 2017-04-07 [55eb7eb](https://github.com/silverstripe/silverstripe-framework/commit/55eb7ebdcc9ba767f978dff510614bbd2e0c309d) Do not insert requirements more than once in includeInHTML (Robbie Averill)
|
||||
* 2017-04-05 [a7920b1](https://github.com/silverstripe/silverstripe-framework/commit/a7920b1f9866b6eb5f4bad9de84eef84b88673ad) regression from #6668 - ModelAdmin form widths (Loz Calver)
|
||||
* 2017-04-05 [197bc53](https://github.com/silverstripe/silverstripe-framework/commit/197bc53c4963898d2c10621ca6d6031fdb14fe85) Add transparency percent argument to Image::generatePad to ensure transparency works from ::Pad (Robbie Averill)
|
||||
* 2017-02-15 [3072591](https://github.com/silverstripe/silverstripe-framework/commit/30725916dbb0ffc66b77f26c069a86581636ae55) Array to string conversion message after CSV export (#6622) (Juan van den Anker)
|
||||
* 2017-02-14 [7122e1f](https://github.com/silverstripe/silverstripe-framework/commit/7122e1fde79bdb9aad3c8714a6ce02b7ecedd735) Comments ignored by classmanifest (#6619) (Daniel Hensby)
|
||||
* 2017-02-09 [6e2797f](https://github.com/silverstripe/silverstripe-framework/commit/6e2797ffc0e9632b60acc5a66e52aeb44f0e2b78) es for using dblib PDO driver. (Andrew O'Neil)
|
||||
* 2017-02-08 [c25c443](https://github.com/silverstripe/silverstripe-framework/commit/c25c443d95fc305fb3545b1393b7da85923dcf8b) Fix minor mysql 5.7 warning in SQLQueryTest (#6608) (Damian Mooyman)
|
||||
* 2017-01-18 [72b6fb4](https://github.com/silverstripe/silverstripe-framework/commit/72b6fb49b698bc3a51c8f6b32d2bf08213729493) bug: In addOrderBy method, _SortColumn will only keep the last one if there are more than 1 multi-word columns (Shawn)
|
5
docs/en/04_Changelogs/rc/3.6.0-rc1.md
Normal file
5
docs/en/04_Changelogs/rc/3.6.0-rc1.md
Normal file
@ -0,0 +1,5 @@
|
||||
# 3.6.0-rc1
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
|
||||
## Change Log
|
@ -103,7 +103,7 @@ class DataDifferencer extends ViewableData {
|
||||
|
||||
// Show changes between the two, if any exist
|
||||
if($fromValue != $toValue) {
|
||||
$diffed->setField($field, Diff::compareHTML($fromValue, $toValue));
|
||||
$diffed->setField($field, DBField::create_field('HTMLText', Diff::compareHTML($fromValue, $toValue)));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -398,9 +398,44 @@ class Member extends DataObject implements TemplateGlobalProvider {
|
||||
* Returns true if this user is locked out
|
||||
*/
|
||||
public function isLockedOut() {
|
||||
$state = ($this->LockedOutUntil && SS_Datetime::now()->Format('U') < strtotime($this->LockedOutUntil));
|
||||
$this->extend('updateIsLockedOut', $state);
|
||||
return $state;
|
||||
$state = true;
|
||||
if ($this->LockedOutUntil && $this->dbObject('LockedOutUntil')->InFuture()) {
|
||||
$state = true;
|
||||
} elseif ($this->config()->lock_out_after_incorrect_logins <= 0) {
|
||||
$state = false;
|
||||
} else {
|
||||
|
||||
$attempts = LoginAttempt::get()->filter($filter = array(
|
||||
'Email' => $this->{static::config()->unique_identifier_field},
|
||||
))->sort('Created', 'DESC')->limit($this->config()->lock_out_after_incorrect_logins);
|
||||
|
||||
if ($attempts->count() < $this->config()->lock_out_after_incorrect_logins) {
|
||||
$state = false;
|
||||
} else {
|
||||
|
||||
$success = false;
|
||||
foreach ($attempts as $attempt) {
|
||||
if ($attempt->Status === 'Success') {
|
||||
$success = true;
|
||||
$state = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$success) {
|
||||
$lockedOutUntil = $attempts->first()->dbObject('Created')->Format('U')
|
||||
+ ($this->config()->lock_out_delay_mins * 60);
|
||||
if (SS_Datetime::now()->Format('U') < $lockedOutUntil) {
|
||||
$state = true;
|
||||
} else {
|
||||
$state = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->extend('updateIsLockedOut', $state);
|
||||
return $state;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1668,7 +1703,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
|
||||
public function registerFailedLogin() {
|
||||
if(self::config()->lock_out_after_incorrect_logins) {
|
||||
// Keep a tally of the number of failed log-ins so that we can lock people out
|
||||
$this->FailedLoginCount = $this->FailedLoginCount + 1;
|
||||
++$this->FailedLoginCount;
|
||||
|
||||
if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
|
||||
$lockoutMins = self::config()->lock_out_delay_mins;
|
||||
@ -1687,6 +1722,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
|
||||
if(self::config()->lock_out_after_incorrect_logins) {
|
||||
// Forgive all past login failures
|
||||
$this->FailedLoginCount = 0;
|
||||
$this->LockedOutUntil = null;
|
||||
$this->write();
|
||||
}
|
||||
$this->extend('onAfterRegisterSuccessfulLogin');
|
||||
|
@ -70,6 +70,14 @@ class MemberAuthenticator extends Authenticator {
|
||||
if($member && !$asDefaultAdmin) {
|
||||
$result = $member->checkPassword($data['Password']);
|
||||
$success = $result->valid();
|
||||
} elseif (!$asDefaultAdmin) {
|
||||
// spoof a login attempt
|
||||
$member = Member::create();
|
||||
$member->Email = $email;
|
||||
$member->{Member::config()->unique_identifier_field} = $data['Password'] . '-wrong';
|
||||
$member->PasswordEncryption = 'none';
|
||||
$result = $member->checkPassword($data['Password']);
|
||||
$member = null;
|
||||
} else {
|
||||
$result = new ValidationResult(false, _t('Member.ERRORWRONGCRED'));
|
||||
}
|
||||
@ -94,7 +102,7 @@ class MemberAuthenticator extends Authenticator {
|
||||
* @param bool $success
|
||||
*/
|
||||
protected static function record_login_attempt($data, $member, $success) {
|
||||
if(!Security::config()->login_recording) return;
|
||||
if(!Security::config()->login_recording && !Member::config()->lock_out_after_incorrect_logins) return;
|
||||
|
||||
// Check email is valid
|
||||
$email = isset($data['Email']) ? $data['Email'] : null;
|
||||
|
@ -180,6 +180,45 @@ class MemberAuthenticatorTest extends SapphireTest {
|
||||
), $form);
|
||||
|
||||
$this->assertTrue(Member::default_admin()->isLockedOut());
|
||||
$this->assertEquals(Member::default_admin()->LockedOutUntil, '2016-04-18 00:10:00');
|
||||
$this->assertEquals('2016-04-18 00:10:00', Member::default_admin()->LockedOutUntil);
|
||||
}
|
||||
|
||||
public function testNonExistantMemberGetsLoginAttemptRecorded()
|
||||
{
|
||||
Config::inst()->update('Member', 'lock_out_after_incorrect_logins', 1);
|
||||
$email = 'notreal@example.com';
|
||||
$this->assertFalse(Member::get()->filter(array('Email' => $email))->exists());
|
||||
$this->assertCount(0, LoginAttempt::get());
|
||||
$response = MemberAuthenticator::authenticate(array(
|
||||
'Email' => $email,
|
||||
'Password' => 'password',
|
||||
));
|
||||
$this->assertNull($response);
|
||||
$this->assertCount(1, LoginAttempt::get());
|
||||
$attempt = LoginAttempt::get()->first();
|
||||
$this->assertEquals($email, $attempt->Email);
|
||||
$this->assertEquals('Failure', $attempt->Status);
|
||||
|
||||
}
|
||||
|
||||
public function testNonExistantMemberGetsLockedOut()
|
||||
{
|
||||
Config::inst()->update('Member', 'lock_out_after_incorrect_logins', 1);
|
||||
Config::inst()->update('Member', 'lock_out_delay_mins', 10);
|
||||
$email = 'notreal@example.com';
|
||||
|
||||
$this->assertFalse(Member::get()->filter(array('Email' => $email))->exists());
|
||||
|
||||
$response = MemberAuthenticator::authenticate(array(
|
||||
'Email' => $email,
|
||||
'Password' => 'password'
|
||||
));
|
||||
|
||||
$this->assertNull($response);
|
||||
$member = new Member();
|
||||
$member->Email = $email;
|
||||
|
||||
$this->assertTrue($member->isLockedOut());
|
||||
$this->assertFalse($member->canLogIn()->valid());
|
||||
}
|
||||
}
|
||||
|
@ -398,6 +398,7 @@ class SecurityTest extends FunctionalTest {
|
||||
public function testRepeatedLoginAttemptsLockingPeopleOut() {
|
||||
$local = i18n::get_locale();
|
||||
i18n::set_locale('en_US');
|
||||
SS_Datetime::set_mock_now(DBField::create_field('SS_Datetime', '2017-05-22 00:00:00'));
|
||||
|
||||
Member::config()->lock_out_after_incorrect_logins = 5;
|
||||
Member::config()->lock_out_delay_mins = 15;
|
||||
@ -414,10 +415,9 @@ class SecurityTest extends FunctionalTest {
|
||||
);
|
||||
$this->assertContains($this->loginErrorMessage(), Convert::raw2xml(_t('Member.ERRORWRONGCRED')));
|
||||
} else {
|
||||
// Fuzzy matching for time to avoid side effects from slow running tests
|
||||
$this->assertGreaterThan(
|
||||
time() + 14*60,
|
||||
strtotime($member->LockedOutUntil),
|
||||
$this->assertEquals(
|
||||
SS_Datetime::now()->Format('U') + (15 * 60),
|
||||
$member->dbObject('LockedOutUntil')->Format('U'),
|
||||
'User has a lockout time set after too many failed attempts'
|
||||
);
|
||||
}
|
||||
@ -440,14 +440,12 @@ class SecurityTest extends FunctionalTest {
|
||||
'The user can\'t log in after being locked out, even with the right password'
|
||||
);
|
||||
|
||||
// (We fake this by re-setting LockedOutUntil)
|
||||
$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
|
||||
$member->LockedOutUntil = date('Y-m-d H:i:s', time() - 30);
|
||||
$member->write();
|
||||
// Move into the future so we can login again
|
||||
SS_Datetime::set_mock_now(DBField::create_field('SS_Datetime', '2017-06-22 00:00:00'));
|
||||
$this->doTestLoginForm('testuser@example.com' , '1nitialPassword');
|
||||
$this->assertEquals(
|
||||
$this->session()->inst_get('loggedInAs'),
|
||||
$member->ID,
|
||||
$this->session()->inst_get('loggedInAs'),
|
||||
'After lockout expires, the user can login again'
|
||||
);
|
||||
|
||||
@ -467,8 +465,8 @@ class SecurityTest extends FunctionalTest {
|
||||
|
||||
$this->doTestLoginForm('testuser@example.com' , '1nitialPassword');
|
||||
$this->assertEquals(
|
||||
$this->session()->inst_get('loggedInAs'),
|
||||
$member->ID,
|
||||
$this->session()->inst_get('loggedInAs'),
|
||||
'The user can login successfully after lockout expires, if staying below the threshold'
|
||||
);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user