Merge remote-tracking branch '3.1.19' into 3.2.4

Daniel Hensby 2016-05-05 10:14:52 +01:00
commit cf29b2c146
No known key found for this signature in database
GPG Key ID: E38EC566FE29EB66
19 changed files with 263 additions and 25 deletions


@ -1068,6 +1068,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
* @return SS_HTTPResponse JSON string with a
*/
public function savetreenode($request) {
if (!SecurityToken::inst()->checkRequest($request)) {
return $this->httpError(400);
}
if (!Permission::check('SITETREE_REORGANISE') && !Permission::check('ADMIN')) {
$this->response->setStatusCode(
403,
@ -1492,6 +1495,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* @param int $id
*/
public function setCurrentPageID($id) {
$id = (int)$id;
Session::set($this->sessionNamespace() . ".currentPage", $id);
}
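Review bot: The `(int)` cast added in setCurrentPageID() has no comment saying why it is there, so it reads as redundant and could be dropped in a later clean-up; the changelog in this commit links it to ss-2016-004. I would add `// Cast to int so only a numeric page ID is ever written to the session (ss-2016-004)` above it. In the first hunk, the new 400 on a failed SecurityToken check is not mentioned in savetreenode()'s docblock, whose `@return` line looks truncated; that function's body continues outside the hunk.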


@ -97,7 +97,10 @@
});
$.ajax({
'url': self.data('urlSavetreenode'),
'url': $.path.addSearchParams(
self.data('urlSavetreenode'),
self.data('extraParams')
),
'type': 'POST',
'data': {
ID: nodeID,
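Review bot: The `extraParams` are appended to the request URL with `$.path.addSearchParams(...)` even though the call is a POST, so if they carry the SecurityID token (not visible here, but likely given the savetreenode() check added in this commit) the token ends up in the query string and therefore in access and proxy logs. Sending them in the body keeps the token out of URLs, e.g. `'data': $.extend({}, self.data('extraParams'), { ID: nodeID, /* … */ })`. The `data` object continues outside the hunk, so its remaining keys would need carrying over.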


@ -0,0 +1,37 @@
# 3.1.19
## Upgrading
`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form.
Define a login form:
```php
class CustomLoginForm extends MemberLoginForm {
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
$this->disableSecurityToken();
}
}
```
Add this to mysite/_config/config.yml
```yaml
Injector:
MemberLoginForm:
class: CustomLoginForm
```
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
### Bugfixes


@ -0,0 +1,24 @@
# 3.1.19-rc1
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2016-04-18 [3c0f2e8](https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a) Add CSFR protection to tree reorganise (Daniel Hensby) - See [ss-2015-029](http://www.silverstripe.org/download/security-releases/ss-2015-029)
* 2016-04-18 [a24c826](https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770) Store current page IDs as ints (Daniel Hensby) - See [ss-2016-004](http://www.silverstripe.org/download/security-releases/ss-2016-004)
* 2016-04-18 [1ccd392](https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893) Properly check backurl on CMSSecurity@success (Daniel Hensby) - See [ss-2016-001](http://www.silverstripe.org/download/security-releases/ss-2016-001)
* 2016-04-18 [f32c893](https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2) Apply brute force protection to default admin (Daniel Hensby) - See [ss-2016-005](http://www.silverstripe.org/download/security-releases/ss-2016-005)
* 2016-04-18 [a6bd22a](https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989) dont disable XSS for login forms (Daniel Hensby) - See [ss-2016-006](http://www.silverstripe.org/download/security-releases/ss-2016-006)
### Bugfixes
* 2016-04-24 [fde6376](https://github.com/silverstripe/silverstripe-framework/commit/fde6376996dbaba31601065869c60676845eeb85) Admin bloacklisted messages using correct $.inArray check (Daniel Hensby)
* 2016-04-12 [36283b8](https://github.com/silverstripe/silverstripe-framework/commit/36283b86d5305cc2c5d4823e54972cd301978389) Stop "success" message showing in CMS (Daniel Hensby)
* 2016-03-31 [6ec2656](https://github.com/silverstripe/silverstripe-framework/commit/6ec26562019454483db79132a5c076cfa87dfe34) fix ErrorControlChain causing errors to be displayed if display_errors in php.ini is false (Damian Mooyman)
* 2016-03-18 [add2ecd](https://github.com/silverstripe/silverstripe-framework/commit/add2ecdf8bb977a0234cf773b578eae9872a0d28) Parameter tokens now redirect to correct url if mod_rewrite is off (Daniel Hensby)
* 2016-03-10 [bc31d9c](https://github.com/silverstripe/silverstripe-cms/commit/bc31d9ca9c667ba9015e35d5eae20158056a7b7c) Use `Controller::join_links()` in Reports (Daniel Hensby)
* 2016-03-08 [0364204](https://github.com/silverstripe/silverstripe-cms/commit/036420470da5def5c8e45c94601d3494273d476c) Incorrect title attribute on CMS tabs (Loz Calver)
* 2016-03-01 [817b836](https://github.com/silverstripe/silverstripe-framework/commit/817b83687028894574ba5a8e8ee8f3af21f23188) getIP from behind a load-balancer that adds many IPs to the header (Daniel Hensby)
* 2015-01-08 [adf0f10](https://github.com/silverstripe/silverstripe-framework/commit/adf0f102cc7a04cf8fcac8743801d48214118cad) Fixes CMS errors when viewing history on "Deleted" pages. (Russell Michell)

47
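--- a/javascript/lang/bg.js
+++ b/javascript/lang/bg.js
@@ -0,0 +1,47 @@
+// This file was generated by silverstripe/cow from javascript/lang/src/bg.js.
+// See https://github.com/tractorcow/cow for details
+if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
+if(typeof(console) != 'undefined') console.error('Class ss.i18n not defined');
+} else {
+ss.i18n.addDictionary('bg', {
+"VALIDATOR.FIELDREQUIRED": "Полето \"%s\" е задължително.",
+"HASMANYFILEFIELD.UPLOADING": "Качване... %s",
+"TABLEFIELD.DELETECONFIRMMESSAGE": "Да бъде ли изтрит този запис?",
+"LOADING": "зареждане...",
+"UNIQUEFIELD.SUGGESTED": "Стойността е променена '%s' : %s",
+"UNIQUEFIELD.ENTERNEWVALUE": "Трябва да въведете валидна стойност в това поле",
+"UNIQUEFIELD.CANNOTLEAVEEMPTY": "Полето не може да остане празно",
+"RESTRICTEDTEXTFIELD.CHARCANTBEUSED": "Символът '%s' не може да бъде използван в това поле",
+"UPDATEURL.CONFIRM": "Would you like me to change the URL to:\n\n%s/\n\nClick Ok to change the URL, click Cancel to leave it as:\n\n%s",
+"UPDATEURL.CONFIRMURLCHANGED": "URL адресът беше сменен на\n'%s'",
+"FILEIFRAMEFIELD.DELETEFILE": "Изтрий файла",
+"FILEIFRAMEFIELD.UNATTACHFILE": "Премахни файла",
+"FILEIFRAMEFIELD.DELETEIMAGE": "Изтрий снимката",
+"FILEIFRAMEFIELD.CONFIRMDELETE": "Да бъде ли изтрит този файл?",
+"LeftAndMain.IncompatBrowserWarning": "Your browser is not compatible with the CMS interface. Please use Internet Explorer 7+, Google Chrome 10+ or Mozilla Firefox 3.5+.",
+"GRIDFIELD.ERRORINTRANSACTION": "Възникна грешка при извличане на данни от сървъра\n Опитайте отново по-късно.",
+"HtmlEditorField.SelectAnchor": "Select an anchor",
+"UploadField.ConfirmDelete": "Този файл ще бъде изтрит от сървъра. Сигурни ли сте?",
+"UploadField.PHP_MAXFILESIZE": "Големината на файла надхвърля upload_max_filesize (php.ini директивата)",
+"UploadField.HTML_MAXFILESIZE": "Големината на файла надхвърле MAX_FILE_SIZE (директива на HTML формата)",
+"UploadField.ONLYPARTIALUPLOADED": "Файлът беше качен частично",
+"UploadField.NOFILEUPLOADED": "Файлът не беше качен",
+"UploadField.NOTMPFOLDER": "Липсва временна папка",
+"UploadField.WRITEFAILED": "Файлът не можа да бъде записан",
+"UploadField.STOPEDBYEXTENSION": "File upload stopped by extension",
+"UploadField.TOOLARGE": "Много голям файл",
+"UploadField.TOOSMALL": "Файлът е много малък",
+"UploadField.INVALIDEXTENSION": "Това разширение не е разрешено",
+"UploadField.MAXNUMBEROFFILESSIMPLE": "Максималния брой файлове е надхвърлен",
+"UploadField.UPLOADEDBYTES": "Uploaded bytes exceed file size",
+"UploadField.EMPTYRESULT": "Empty file upload result",
+"UploadField.LOADING": "Зареждане ...",
+"UploadField.Editing": "Редактиране ...",
+"UploadField.Uploaded": "Качен",
+"UploadField.OVERWRITEWARNING": "Вече съществува файл с това име",
+"TreeDropdownField.ENTERTOSEARCH": "Натисни Enter за търсена",
+"TreeDropdownField.OpenLink": "Отвори",
+"TreeDropdownField.FieldTitle": "Избери",
+"TreeDropdownField.SearchFieldTitle": "Избери или Търси"
+});
+}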

41
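--- a/javascript/lang/src/bg.js
+++ b/javascript/lang/src/bg.js
@@ -0,0 +1,41 @@
+{
+"VALIDATOR.FIELDREQUIRED": "Полето \"%s\" е задължително.",
+"HASMANYFILEFIELD.UPLOADING": "Качване... %s",
+"TABLEFIELD.DELETECONFIRMMESSAGE": "Да бъде ли изтрит този запис?",
+"LOADING": "зареждане...",
+"UNIQUEFIELD.SUGGESTED": "Стойността е променена '%s' : %s",
+"UNIQUEFIELD.ENTERNEWVALUE": "Трябва да въведете валидна стойност в това поле",
+"UNIQUEFIELD.CANNOTLEAVEEMPTY": "Полето не може да остане празно",
+"RESTRICTEDTEXTFIELD.CHARCANTBEUSED": "Символът '%s' не може да бъде използван в това поле",
+"UPDATEURL.CONFIRM": "Would you like me to change the URL to:\n\n%s/\n\nClick Ok to change the URL, click Cancel to leave it as:\n\n%s",
+"UPDATEURL.CONFIRMURLCHANGED": "URL адресът беше сменен на\n'%s'",
+"FILEIFRAMEFIELD.DELETEFILE": "Изтрий файла",
+"FILEIFRAMEFIELD.UNATTACHFILE": "Премахни файла",
+"FILEIFRAMEFIELD.DELETEIMAGE": "Изтрий снимката",
+"FILEIFRAMEFIELD.CONFIRMDELETE": "Да бъде ли изтрит този файл?",
+"LeftAndMain.IncompatBrowserWarning": "Your browser is not compatible with the CMS interface. Please use Internet Explorer 7+, Google Chrome 10+ or Mozilla Firefox 3.5+.",
+"GRIDFIELD.ERRORINTRANSACTION": "Възникна грешка при извличане на данни от сървъра\n Опитайте отново по-късно.",
+"HtmlEditorField.SelectAnchor": "Select an anchor",
+"UploadField.ConfirmDelete": "Този файл ще бъде изтрит от сървъра. Сигурни ли сте?",
+"UploadField.PHP_MAXFILESIZE": "Големината на файла надхвърля upload_max_filesize (php.ini директивата)",
+"UploadField.HTML_MAXFILESIZE": "Големината на файла надхвърле MAX_FILE_SIZE (директива на HTML формата)",
+"UploadField.ONLYPARTIALUPLOADED": "Файлът беше качен частично",
+"UploadField.NOFILEUPLOADED": "Файлът не беше качен",
+"UploadField.NOTMPFOLDER": "Липсва временна папка",
+"UploadField.WRITEFAILED": "Файлът не можа да бъде записан",
+"UploadField.STOPEDBYEXTENSION": "File upload stopped by extension",
+"UploadField.TOOLARGE": "Много голям файл",
+"UploadField.TOOSMALL": "Файлът е много малък",
+"UploadField.INVALIDEXTENSION": "Това разширение не е разрешено",
+"UploadField.MAXNUMBEROFFILESSIMPLE": "Максималния брой файлове е надхвърлен",
+"UploadField.UPLOADEDBYTES": "Uploaded bytes exceed file size",
+"UploadField.EMPTYRESULT": "Empty file upload result",
+"UploadField.LOADING": "Зареждане ...",
+"UploadField.Editing": "Редактиране ...",
+"UploadField.Uploaded": "Качен",
+"UploadField.OVERWRITEWARNING": "Вече съществува файл с това име",
+"TreeDropdownField.ENTERTOSEARCH": "Натисни Enter за търсена",
+"TreeDropdownField.OpenLink": "Отвори",
+"TreeDropdownField.FieldTitle": "Избери",
+"TreeDropdownField.SearchFieldTitle": "Избери или Търси"
+}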


@ -1,25 +1,36 @@
bg:
AssetAdmin:
ALLOWEDEXTS: 'Позволени разширения на файловете за качване'
HIDEALLOWEDEXTS: 'Скрий позволените разширения'
NEWFOLDER: НоваПапка
SHOWALLOWEDEXTS: 'Покажи позволените разширения'
AssetTableField:
CREATED: 'Създаден'
DIM: Размери
FILENAME: Име на файл
FOLDER: Папка
HEIGHT: Височина
LASTEDIT: 'Последна промяна'
OWNER: Собственик
SIZE: 'Големина на файла'
TITLE: Заглавие
TYPE: 'Тип на файла'
URL: URL
WIDTH: Широчина
AssetUploadField:
ChooseFiles: 'Избери файлове'
DRAGFILESHERE: 'Завлечете файловете тук'
DROPAREA: 'Зона за пускане'
EDITALL: 'Редакция на всички'
EDITANDORGANIZE: 'Редактиране и подреждане'
EDITINFO: 'Редактиране на файлове'
FILES: Файлове
FROMCOMPUTER: 'Избери файлове от компютъра'
FROMCOMPUTERINFO: 'Качи от компютъра'
INSERTURL: 'Въведи URL на файла'
REMOVEINFO: 'Премахни файла от това поле'
TOTAL: Общо
TOUPLOAD: 'Избери файлове за качване...'
UPLOADINPROGRESS: 'Моля, изчакайте... файловете се качват'
UPLOADOR: ИЛИ
BBCodeParser:
@ -53,19 +64,40 @@ bg:
ENTERINFO: 'Моля, въведете потребителско име и парола.'
ERRORNOTADMIN: 'Този потребител не е администратор.'
ERRORNOTREC: 'Това потребителско име / парола не е разпознато'
Boolean:
ANY: Всички
NOANSWER: 'Не'
YESANSWER: 'Да'
CMSLoadingScreen_ss:
LOADING: Зареждане ...
REQUIREJS: 'Необходимо е да активирате JavaScript.'
CMSMain:
ACCESS: 'Достъп до секция ''{title}'''
ACCESSALLINTERFACES: 'Достъп до всички секции на CMS'
SAVE: Запис
CMSMemberLoginForm:
BUTTONFORGOTPASSWORD: 'Забравена парола?'
BUTTONLOGIN: 'Влез обратно'
BUTTONLOGOUT: 'Изход'
CMSPageHistoryController_versions_ss:
PREVIEW: 'Преглед на сайта'
CMSPagesController_Tools_ss:
FILTER: Филтър
CMSProfileController:
MENUTITLE: 'Моят профил'
CMSSecurity:
SUCCESS: Успешно
TimedOutTitleAnonymous: 'Вашата сесия е изтекла.'
TimedOutTitleMember: 'Здравей {name}!<br />Твоята сесия е изтекла.'
ChangePasswordEmail_ss:
CHANGEPASSWORDTEXT1: 'Вие сменихте вашата парола за'
CHANGEPASSWORDTEXT2: 'Вече можете да ползвате следните данни за вход:'
EMAIL: Ел. поща
HELLO: Здравей!
PASSWORD: Парола
CheckboxField:
NOANSWER: 'Не'
YESANSWER: 'Да'
ConfirmedPasswordField:
ATLEAST: 'Паролата трябва да е дълга мин. {min} символа.'
BETWEEN: 'Паролата трябва да е дълга от {min} до {max} символа.'
@ -80,18 +112,34 @@ bg:
PLURALNAME: 'Обекти с данни'
SINGULARNAME: 'Обект с данни'
Date:
DAY: ден
DAYS: дни
HOUR: час
HOURS: часа
LessThanMinuteAgo: 'по-малко от минута'
MIN: минута
MINS: минути
MONTH: месец
MONTHS: месеци
SEC: секунда
SECS: секунди
TIMEDIFFAGO: 'преди {difference}'
TIMEDIFFIN: 'за {difference}'
YEAR: година
YEARS: години
DateField:
NOTSET: 'Не нагласено'
NOTSET: 'не е зададена'
TODAY: днес
VALIDDATEFORMAT2: 'Моля, въведете валиден формат за дата ({format})'
VALIDDATEMAXDATE: 'Датата трябва да бъде същата или преди ({date})'
VALIDDATEMINDATE: 'Датата трябва да бъде същата или след ({date})'
DatetimeField:
NOTSET: 'не е зададена'
Director:
INVALID_REQUEST: 'Грешна заявка'
DropdownField:
CHOOSE: (Избери)
CHOOSESEARCH: '(Избери или Търси)'
EmailField:
VALIDATION: 'Моля, въведете имейл адрес'
Enum:


@ -302,7 +302,7 @@ cs:
FindInFolder: 'Hledat ve složce'
IMAGEALT: 'Alternativní text (alt)'
IMAGEALTTEXT: 'Alternativní text (alt) - bude ukázán, když obrázek nemúže být zobrazen'
IMAGEALTTEXTDESC: 'Zobrazeno na obrazovce, nebo když obrázek nemůže být zobrazen'
IMAGEALTTEXTDESC: 'Zobrazeno na obrazovce, když obrázek nemůže být zobrazen'
IMAGEDIMENSIONS: Rozměry
IMAGEHEIGHTPX: Výška
IMAGETITLE: 'Titul text (tooltip) - další informace o obrázku'


@ -331,6 +331,7 @@ de:
CANT_REORGANISE: 'Sie besitzen nicht die benötigten Zugriffsrechte um Seiten der höchsten Ebene zu bearbeiten. Ihre Änderungen wurden nicht gespeichert.'
DELETED: Gelöscht.
HELP: Hilfe
PAGETYPE: 'Seitentyp'
PERMAGAIN: 'Sie wurden aus dem System ausgeloggt. Falls Sie sich wieder einloggen möchten, geben Sie bitte Benutzernamen und Passwort im untenstehenden Formular an.'
PERMALREADY: 'Leider dürfen Sie diesen Teil des CMS nicht aufrufen. Wenn Sie sich als jemand anderes einloggen wollen, benutzen Sie bitte das nachstehende Formular.'
PERMDEFAULT: 'Sie müssen angemeldet sein, um auf diesen Bereich zugreifen zu können. Bitte geben Sie Ihre Zugangsdaten ein.'


@ -1,5 +1,7 @@
eo:
AssetAdmin:
ALLOWEDEXTS: 'Permesitaj alŝutaj dosieraj sufiksoj'
HIDEALLOWEDEXTS: 'Kaŝi permesitajn sufiksojn'
NEWFOLDER: Nova dosierujo
SHOWALLOWEDEXTS: 'Vidigi permesitajn sufiksojn'
AssetTableField:
@ -7,12 +9,14 @@ eo:
DIM: Dimensioj
FILENAME: Nomo de dosiero
FOLDER: Dosierujo
HEIGHT: Alto
LASTEDIT: 'Laste ŝanĝita'
OWNER: Posedanto
SIZE: 'Grando'
TITLE: Titolo
TYPE: 'Tipo'
URL: URL
WIDTH: Larĝo
AssetUploadField:
ChooseFiles: 'Elekti dosierojn'
DRAGFILESHERE: 'Ŝovi dosieron ĉi tien'
@ -23,7 +27,10 @@ eo:
FILES: Dosieroj
FROMCOMPUTER: 'Elekti dosierojn el via komputilo'
FROMCOMPUTERINFO: 'Alŝuti el via komputilo'
INSERTURL: 'Enigi el URL'
REMOVEINFO: 'Forigi ĉi tiun dosieron el ĉi tiu kampo'
TOTAL: Totalo
TOUPLOAD: 'Elekti dosierojn alŝutotajn...'
UPLOADINPROGRESS: 'Bonvolu atendi...alŝuto daŭras'
UPLOADOR:
BBCodeParser:
@ -146,6 +153,7 @@ eo:
INVALID_REQUEST: 'Malvalida peto'
DropdownField:
CHOOSE: (Elekti)
CHOOSESEARCH: '(Elekti aŭ serĉi)'
SOURCE_VALIDATION: 'Bonvolu elekti valoron el la listo donita. {value} ne estas valida agordo'
EmailField:
VALIDATION: 'Bonvolu enigi readreson'
@ -293,12 +301,15 @@ eo:
FROMWEB: 'El la TTT'
FindInFolder: 'Serĉi en dosierujo'
IMAGEALT: 'Alternativa teksto (alt)'
IMAGEALTTEXT: 'Alternativa teksto (alt) - vidigi ĝin se ne eblas vidigi bildon'
IMAGEALTTEXTDESC: 'Vidigota al ekranlegiloj aŭ se ne eblas vidigi bildon'
IMAGEDIMENSIONS: Dimensioj
IMAGEHEIGHTPX: Alto
IMAGETITLE: 'Titola teksto (ŝpruchelpilo) - por plua informo pri la bildo'
IMAGETITLETEXT: 'Teksto de titolo (ŝpruchelpilo)'
IMAGETITLETEXTDESC: 'Por plua informo pri la bildo'
IMAGEWIDTHPX: Larĝo
INSERTMEDIA: 'Enigi registraĵojn'
LINK: 'Ligilo'
LINKANCHOR: 'Ankri al ĉi tiu paĝo'
LINKDESCR: 'Ligila priskribo'
@ -311,7 +322,9 @@ eo:
PAGE: Paĝo
SUBJECT: 'Temo de retpoŝto'
URL: URL
URLDESCRIPTION: 'Enigu videojn kaj bildojn el la TTT en vian paĝon simple enigante la URL de la dosiero. Certigu ke vi havas permesojn antaŭ ol kunhavigi registraĵojn rekte el la TTT.<br /><br />Bonvolu noti ke dosieroj ne aldoniĝas al la konservejo de dosieroj de la CMS sed dosieroj enkorpiĝas el ties origina loko. Se ial la dosiero ne plu haveblas en ĝia origina loko, ĝi ne plu estos videbla en ĉi tiu paĝo.'
URLNOTANOEMBEDRESOURCE: 'La URL ''{url}'' ne estas konvertebla al memorilo.'
UpdateMEDIA: 'Ĝisdatigi registraĵojn'
Image:
PLURALNAME: Dosieroj
SINGULARNAME: Dosiero
@ -323,10 +336,13 @@ eo:
LeftAndMain:
CANT_REORGANISE: 'Vi ne rajtas ŝanĝi supronivelajn paĝojn. Via ŝanĝo ne konserviĝis.'
DELETED: Forigita.
DropdownBatchActionsDefault: 'Elekti agon...'
HELP: Helpo
PAGETYPE: 'Tipo de paĝo'
PERMAGAIN: 'Vin adiaŭis la CMS. Se vi volas denove saluti, enigu salutnomon kaj pasvorton malsupre.'
PERMALREADY: 'Bedaŭrinde vi ne povas aliri tiun parton de la CMS. Se vi volas ensaluti kiel aliulo, faru tion sube.'
PERMDEFAULT: 'Necesas ensaluti por aliri la administran zonon; bonvolu enigi viajn akreditaĵoj sube.'
PLEASESAVE: 'Bonvolu konservi paĝon: Ne eblis ĝisdatigi ĉi tiun paĝon ĉar ĝi ankoraŭ ne estas konservita.'
PreviewButton: Antaŭvido
REORGANISATIONSUCCESSFUL: 'Sukcese reorganizis la retejan arbon.'
SAVEDUP: Konservita.


@ -301,8 +301,6 @@ fi:
FROMWEB: 'Webistä'
FindInFolder: 'Etsi kansiosta'
IMAGEALT: 'Vaihtoehtoinen teksti (alt)'
IMAGEALTTEXT: 'Vaihtoehtoinen teksti (alt) - näytetään jos kuvaa ei voida näyttää'
IMAGEALTTEXTDESC: 'Näytetään ruudunlukuohjelmille tai jos kuvia ei voi näyttää'
IMAGEDIMENSIONS: Mitat
IMAGEHEIGHTPX: Korkeus
IMAGETITLE: 'Otsikko (tooltip) - kuvan lisätietoja varten'
@ -336,13 +334,10 @@ fi:
LeftAndMain:
CANT_REORGANISE: 'Sinulla ei ole oikeuksia mennä ylemmän tason sivuille. Muutoksiasi ei tallennettu.'
DELETED: Poistettu.
DropdownBatchActionsDefault: 'Valitse toiminto...'
HELP: Ohje
PAGETYPE: 'Sivutyyppi'
PERMAGAIN: 'Olet kirjautunut ulos CMS:stä. Jos haluat kirjautua uudelleen sisään, syötä käyttäjätunnuksesi ja salasanasi alla.'
PERMALREADY: 'Pahoittelut, mutta et pääse tähän osaan CMS:ää. Jos haluat kirjautua jonain muuna, voit tehdä sen alta.'
PERMDEFAULT: 'Sinun tulee olla kirjautuneena ylläpito-osioon; syötä tunnuksesi kenttiin.'
PLEASESAVE: 'Tallenna sivu: tätä sivua ei voitu päivittää, koska sitä ei ole vielä tallennettu.'
PreviewButton: Esikatselu
REORGANISATIONSUCCESSFUL: 'Hakemistopuu uudelleenjärjestettiin onnistuneesti.'
SAVEDUP: Tallennettu.


@ -79,6 +79,7 @@ hr:
TEXT2: 'link za resetiranje lozinke'
TEXT3: za
Form:
SubmitBtnLabel: Kreni
VALIDATIONNOTUNIQUE: 'Unešena vrijednost nije unikatna'
VALIDATIONPASSWORDSDONTMATCH: 'Lozinke se ne slažu'
VALIDATIONPASSWORDSNOTEMPTY: 'Lozinke moraju imati najmanje jedan broj i jedan alfanumerički znak'


@ -318,9 +318,7 @@ it:
PAGE: Pagina
SUBJECT: 'Oggetto email'
URL: URL
URLDESCRIPTION: 'Inserisci video e immagini dal Web nella tua pagina semplicemente inserendo l''URL del file.
Si sicuro di avere i diritti o i permessi prima di condividere media direttamente dal Web.<br /><br />NB : i file non sono aggiunti allo storage file del CMS, ma incorpora il file dalla sua location principale, se per un qualsiasi motivo il file non e'' più raggiungibile nella sua location principale, non sara'' più visibile su questa pagina.'
URLDESCRIPTION: 'Inserisci video e immagini dal Web nella tua pagina semplicemente inserendo l''URL del file. Si sicuro di avere i diritti o i permessi prima di condividere media direttamente dal Web.<br /><br />NB : i file non sono aggiunti allo storage file del CMS, ma incorpora il file dalla sua location principale, se per un qualsiasi motivo il file non e'' più raggiungibile nella sua location principale, non sara'' più visibile su questa pagina.'
URLNOTANOEMBEDRESOURCE: 'L''URL ''{url}'' non può essere convertito in una risorsa media.'
UpdateMEDIA: 'Aggiorna Media'
Image:


@ -301,7 +301,7 @@ sk:
FROMWEB: 'Z webu'
FindInFolder: 'Vyhľadať v priečinku'
IMAGEALT: 'Atlernatívny text (alt)'
IMAGEALTTEXT: 'Atlernatívny text (alt) - sa zobrazí, ak nemôže byť obrázok zobrazený'
IMAGEALTTEXT: 'Atlernatívny text (alt) - zobrazí sa, ak nemože byť zobrazený obrázok'
IMAGEALTTEXTDESC: 'Zobrazí sa na obrazovke, alebo ak obrázok nemôže byť zobrazený'
IMAGEDIMENSIONS: Rozmery
IMAGEHEIGHTPX: Výška
@ -338,7 +338,7 @@ sk:
DELETED: Zmazané.
DropdownBatchActionsDefault: 'Vybrať akciu...'
HELP: Pomoc
PAGETYPE: 'Typ stránky:'
PAGETYPE: 'Typ stránky'
PERMAGAIN: 'Boli ste odhlásený'
PERMALREADY: 'Je nám ľúto, ale k tejto časti CMS nemáte prístup . Ak sa chcete prihlásiť ako niekto iný, urobte tak nižšie.'
PERMDEFAULT: 'Musíte byť prihlásený/á k prístupu do oblasti administrácie, zadajte vaše prihlasovacie údaje dole, prosím.'


@ -193,9 +193,16 @@ PHP
// Get redirect url
$controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success'));
$backURL = $this->getRequest()->requestVar('BackURL')
?: Session::get('BackURL')
?: Director::absoluteURL(AdminRootController::config()->url_base, true);
$backURLs = array(
$this->getRequest()->requestVar('BackURL'),
Session::get('BackURL'),
Director::absoluteURL(AdminRootController::config()->url_base, true),
);
foreach ($backURLs as $backURL) {
if ($backURL && Director::is_site_url($backURL)) {
break;
}
}
// Show login
$controller = $controller->customise(array(
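Review bot: The fallback in the new `foreach` is implicit: when neither the request nor the session BackURL passes `Director::is_site_url()`, `$backURL` keeps the last array element only because the loop variable outlives the loop. That works only while the admin base URL stays last in `$backURLs`, and that last value is used even if it does not itself pass the check. I would state this above the loop, `// Candidates in priority order; the last one is the trusted default and is what $backURL holds if nothing validates`, or assign the default first and overwrite it only with a validated candidate. The code that consumes `$backURL` is outside the hunk.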


@ -10,11 +10,6 @@
* @subpackage security
*/
abstract class LoginForm extends Form {
public function __construct($controller, $name, $fields, $actions) {
parent::__construct($controller, $name, $fields, $actions);
$this->disableSecurityToken();
}
/**
* Authenticator class to use with this login form

View File

@ -368,7 +368,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Returns true if this user is locked out
*/
public function isLockedOut() {
return $this->LockedOutUntil && time() < strtotime($this->LockedOutUntil);
return $this->LockedOutUntil && SS_Datetime::now()->Format('U') < strtotime($this->LockedOutUntil);
}
/**
@ -1607,7 +1607,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
$lockoutMins = self::config()->lock_out_delay_mins;
$this->LockedOutUntil = date('Y-m-d H:i:s', time() + $lockoutMins*60);
$this->LockedOutUntil = date('Y-m-d H:i:s', SS_Datetime::now()->Format('U') + $lockoutMins*60);
$this->FailedLoginCount = 0;
}
}
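Review bot: `SS_Datetime::now()->Format('U')` is used as a number in both hunks, compared with `strtotime()` in isLockedOut() and added to `$lockoutMins*60` in the lockout branch, which relies on PHP's numeric-string juggling if Format() returns a string, as date formatting normally does. An explicit cast makes the lockout arithmetic independent of that: `$now = (int) SS_Datetime::now()->Format('U');` followed by `date('Y-m-d H:i:s', $now + $lockoutMins*60)`. The function enclosing the second hunk starts outside the hunk.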


@ -51,8 +51,11 @@ class MemberAuthenticator extends Authenticator {
if($asDefaultAdmin) {
// If logging is as default admin, ensure record is setup correctly
$member = Member::default_admin();
$success = Security::check_default_admin($email, $data['Password']);
if($success) return $member;
$success = !$member->isLockedOut() && Security::check_default_admin($email, $data['Password']);
//protect against failed login
if($success) {
return $member;
}
}
// Attempt to identify user by email
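Review bot: The comment `//protect against failed login` does not say what the new condition guarantees, which is that a locked-out default admin is refused before `Security::check_default_admin()` is consulted. I would replace it with `// A locked-out default admin is rejected even when the password is correct`, placed above the `$success = ...` line. Whether a failed default-admin attempt is counted towards the lockout is decided outside this hunk, and `$member` is dereferenced without a null check, so this assumes `Member::default_admin()` always returns a record.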

View File

@ -164,4 +164,22 @@ class MemberAuthenticatorTest extends SapphireTest {
$this->assertEquals('The provided details don&#039;t seem to be correct. Please try again.', $form->Message());
$this->assertEquals('bad', $form->MessageType());
}
public function testDefaultAdminLockOut()
{
Config::inst()->update('Member', 'lock_out_after_incorrect_logins', 1);
Config::inst()->update('Member', 'lock_out_delay_mins', 10);
SS_Datetime::set_mock_now('2016-04-18 00:00:00');
$controller = new Security();
$form = new Form($controller, 'Form', new FieldList(), new FieldList());
// Test correct login
MemberAuthenticator::authenticate(array(
'Email' => 'admin',
'Password' => 'wrongpassword'
), $form);
$this->assertTrue(Member::default_admin()->isLockedOut());
$this->assertEquals(Member::default_admin()->LockedOutUntil, '2016-04-18 00:10:00');
}
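Review bot: testDefaultAdminLockOut() asserts that the account becomes locked but never checks the behaviour the fix is about, namely that a login with the correct default-admin password is refused while the lock is active; a second `MemberAuthenticator::authenticate()` call with valid credentials and an assertion that it returns no member would cover it. The comment `// Test correct login` should read `// A failed login with lock_out_after_incorrect_logins = 1 locks the account`, since the password used is wrong. The `assertEquals()` arguments on the last assertion are in (actual, expected) order, and the mocked time is not cleared in the test itself, so unless SapphireTest resets it a `SS_Datetime::clear_mock_now();` at the end would keep it from leaking into later tests.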
}