Merge branch '4.4' into 4

Robbie Averill 2019-08-02 11:24:54 +12:00
commit 3224c9971b
2 changed files with 9 additions and 5 deletions


@ -598,8 +598,7 @@ In addition, you can tighten password security with the following configuration
* `Member.password_expiry_days`: Set the number of days that a password should be valid for.
* `Member.lock_out_after_incorrect_logins`: Number of incorrect logins after which
the user is blocked from further attempts for the timespan defined in `$lock_out_delay_mins`
* `Member.lock_out_delay_mins`: Minutes of enforced lockout after incorrect password attempts.
Only applies if `lock_out_after_incorrect_logins` is greater than 0.
* `Member.lock_out_delay_mins`: Minutes of enforced lockout after incorrect password attempts. Only applies if `lock_out_after_incorrect_logins` is greater than 0.
* `Security.remember_username`: Set to false to disable autocomplete on login form
## Clickjacking: Prevent iframe Inclusion


@ -2,6 +2,7 @@
namespace SilverStripe\Security;
use BadMethodCallException;
use LogicException;
use Page;
use ReflectionClass;
@ -420,10 +421,14 @@ class Security extends Controller implements TemplateGlobalProvider
$message = $messageSet['default'];
}
try {
list($messageText, $messageCast) = $parseMessage($message);
static::singleton()->setSessionMessage($messageText, ValidationResult::TYPE_WARNING, $messageCast);
$controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']);
} catch (BadMethodCallException $ex) {
// noop, if session was not set yet
}
// TODO AccessLogEntry needs an extension to handle permission denied errors
// Audit logging hook
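Review bot: The new `catch (BadMethodCallException $ex)` spans all three statements in the `try`, so it also swallows a BadMethodCallException thrown by `$parseMessage($message)`, not only the missing-session case that the `// noop` comment names. Keeping `list($messageText, $messageCast) = $parseMessage($message);` above `try {` would limit the catch to the session calls. The comment could also state what is skipped, e.g. `// No session on this request: warning message and BackURL are not stored`. Separately, BackURL is filled from `$_SERVER['REQUEST_URI']`, which is client-controlled, so whatever later redirects to it needs to confirm it is a site-local URL; that consumer is not visible in this hunk. The enclosing method starts and ends outside the hunk.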