Merge remote-tracking branch '3.2.4' into 3.3.2

Daniel Hensby 2016-05-05 12:30:53 +01:00
commit d1751e3310
No known key found for this signature in database
GPG Key ID: E38EC566FE29EB66
19 changed files with 347 additions and 29 deletions


@ -1071,6 +1071,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
* @return SS_HTTPResponse JSON string with a
*/
public function savetreenode($request) {
if (!SecurityToken::inst()->checkRequest($request)) {
return $this->httpError(400);
}
if (!Permission::check('SITETREE_REORGANISE') && !Permission::check('ADMIN')) {
$this->getResponse()->setStatusCode(
403,
@ -1499,6 +1502,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* @param int $id
*/
public function setCurrentPageID($id) {
$id = (int)$id;
Session::set($this->sessionNamespace() . ".currentPage", $id);
}
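Review bot: The new CSRF guard at the top of `savetreenode()` fails with a bare `httpError(400)`, while the permission branch directly below it sets a 403 through the response object (its remaining arguments are cut off here, apparently a status description). An editor whose token has expired would therefore get no explanation for the failed reorganise. Consider passing a message, e.g. `return $this->httpError(400, _t('Form.CSRF_FAILED_MESSAGE'));`, assuming that translation key is available on this branch. In the second hunk, `(int)$id` silently maps any non-numeric value to 0; a comment such as `// Force an integer so arbitrary request data is never stored in the session` would record why the cast exists. The body of `savetreenode()` continues outside the hunk.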


@ -97,7 +97,10 @@
});
$.ajax({
'url': self.data('urlSavetreenode'),
'url': $.path.addSearchParams(
self.data('urlSavetreenode'),
self.data('extraParams')
),
'type': 'POST',
'data': {
ID: nodeID,
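Review bot: Appending `self.data('extraParams')` to the request URL places whatever it carries in the query string of this POST. If that includes the CSRF token (which appears to be the purpose, though the hunk does not show the contents), the token will be recorded in web-server and proxy access logs. Sending those parameters in the POST body next to `ID` would keep the token out of the URL. If the query string is kept, a comment such as `// extraParams carries the security token that savetreenode now requires` would explain why the URL is rewritten. The enclosing handler starts and ends outside the hunk.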


@ -0,0 +1,37 @@
# 3.1.19
## Upgrading
`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form.
Define a login form:
```php
class CustomLoginForm extends MemberLoginForm {
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
$this->disableSecurityToken();
}
}
```
Add this to mysite/_config/config.yml
```yaml
Injector:
MemberLoginForm:
class: CustomLoginForm
```
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
### Bugfixes


@ -0,0 +1,24 @@
# 3.1.19-rc1
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2016-04-18 [3c0f2e8](https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a) Add CSFR protection to tree reorganise (Daniel Hensby) - See [ss-2015-029](http://www.silverstripe.org/download/security-releases/ss-2015-029)
* 2016-04-18 [a24c826](https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770) Store current page IDs as ints (Daniel Hensby) - See [ss-2016-004](http://www.silverstripe.org/download/security-releases/ss-2016-004)
* 2016-04-18 [1ccd392](https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893) Properly check backurl on CMSSecurity@success (Daniel Hensby) - See [ss-2016-001](http://www.silverstripe.org/download/security-releases/ss-2016-001)
* 2016-04-18 [f32c893](https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2) Apply brute force protection to default admin (Daniel Hensby) - See [ss-2016-005](http://www.silverstripe.org/download/security-releases/ss-2016-005)
* 2016-04-18 [a6bd22a](https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989) dont disable XSS for login forms (Daniel Hensby) - See [ss-2016-006](http://www.silverstripe.org/download/security-releases/ss-2016-006)
### Bugfixes
* 2016-04-24 [fde6376](https://github.com/silverstripe/silverstripe-framework/commit/fde6376996dbaba31601065869c60676845eeb85) Admin bloacklisted messages using correct $.inArray check (Daniel Hensby)
* 2016-04-12 [36283b8](https://github.com/silverstripe/silverstripe-framework/commit/36283b86d5305cc2c5d4823e54972cd301978389) Stop "success" message showing in CMS (Daniel Hensby)
* 2016-03-31 [6ec2656](https://github.com/silverstripe/silverstripe-framework/commit/6ec26562019454483db79132a5c076cfa87dfe34) fix ErrorControlChain causing errors to be displayed if display_errors in php.ini is false (Damian Mooyman)
* 2016-03-18 [add2ecd](https://github.com/silverstripe/silverstripe-framework/commit/add2ecdf8bb977a0234cf773b578eae9872a0d28) Parameter tokens now redirect to correct url if mod_rewrite is off (Daniel Hensby)
* 2016-03-10 [bc31d9c](https://github.com/silverstripe/silverstripe-cms/commit/bc31d9ca9c667ba9015e35d5eae20158056a7b7c) Use `Controller::join_links()` in Reports (Daniel Hensby)
* 2016-03-08 [0364204](https://github.com/silverstripe/silverstripe-cms/commit/036420470da5def5c8e45c94601d3494273d476c) Incorrect title attribute on CMS tabs (Loz Calver)
* 2016-03-01 [817b836](https://github.com/silverstripe/silverstripe-framework/commit/817b83687028894574ba5a8e8ee8f3af21f23188) getIP from behind a load-balancer that adds many IPs to the header (Daniel Hensby)
* 2015-01-08 [adf0f10](https://github.com/silverstripe/silverstripe-framework/commit/adf0f102cc7a04cf8fcac8743801d48214118cad) Fixes CMS errors when viewing history on "Deleted" pages. (Russell Michell)


@ -0,0 +1,41 @@
# 3.2.4-rc1
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2016-04-18 [3c0f2e8](https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a) Add CSFR protection to tree reorganise (Daniel Hensby) - See [ss-2015-029](http://www.silverstripe.org/download/security-releases/ss-2015-029)
* 2016-04-18 [a24c826](https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770) Store current page IDs as ints (Daniel Hensby) - See [ss-2016-004](http://www.silverstripe.org/download/security-releases/ss-2016-004)
* 2016-04-18 [1ccd392](https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893) Properly check backurl on CMSSecurity@success (Daniel Hensby) - See [ss-2016-001](http://www.silverstripe.org/download/security-releases/ss-2016-001)
* 2016-04-18 [f32c893](https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2) Apply brute force protection to default admin (Daniel Hensby) - See [ss-2016-005](http://www.silverstripe.org/download/security-releases/ss-2016-005)
* 2016-04-18 [a6bd22a](https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989) dont disable XSS for login forms (Daniel Hensby) - See [ss-2016-006](http://www.silverstripe.org/download/security-releases/ss-2016-006)
* 2016-02-17 [37059eb](https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6) Hostname, IP and Protocol Spoofing through HTTP Headers (Ingo Schommer) - See [ss-2016-003](http://www.silverstripe.org/download/security-releases/ss-2016-003)
* 2016-02-17 [5d2fc0d](https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8) Block unauthenticated access to dev/build/defaults (Damian Mooyman) - See [ss-2015-028](http://www.silverstripe.org/download/security-releases/ss-2015-028)
* 2016-02-17 [013524a](https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c) Ensure Gridfield actions respect CSRF (Damian Mooyman) - See [ss-2016-002](http://www.silverstripe.org/download/security-releases/ss-2016-002)
### Bugfixes
* 2016-04-24 [fde6376](https://github.com/silverstripe/silverstripe-framework/commit/fde6376996dbaba31601065869c60676845eeb85) Admin bloacklisted messages using correct $.inArray check (Daniel Hensby)
* 2016-04-12 [36283b8](https://github.com/silverstripe/silverstripe-framework/commit/36283b86d5305cc2c5d4823e54972cd301978389) Stop "success" message showing in CMS (Daniel Hensby)
* 2016-03-31 [6ec2656](https://github.com/silverstripe/silverstripe-framework/commit/6ec26562019454483db79132a5c076cfa87dfe34) fix ErrorControlChain causing errors to be displayed if display_errors in php.ini is false (Damian Mooyman)
* 2016-03-28 [aeb4aa9](https://github.com/silverstripe/silverstripe-framework/commit/aeb4aa9565dfcd251f527362518e5c8be1df7e02) Dont allow plain text friendly errors (Daniel Hensby)
* 2016-03-27 [5ede516](https://github.com/silverstripe/silverstripe-framework/commit/5ede516c771055d09a1578e1598ac0ec58a28f5e) GridField::FieldHolder() should not attempt to parse shortcodes (fixes #5129) (Loz Calver)
* 2016-03-21 [9d62d9d](https://github.com/silverstripe/silverstripe-cms/commit/9d62d9d3818d6acfc08a98b5e0fcaf255295f70f) Link tracking not escaping `#` Fixes #1409 (Daniel Hensby)
* 2016-03-21 [5f8356d](https://github.com/silverstripe/silverstripe-framework/commit/5f8356d6868be9035c4b2a4d00d04c14ab34e4e4) Fix File::getRelativePath() failing if parent folder is renamed (Damian Mooyman)
* 2016-03-18 [add2ecd](https://github.com/silverstripe/silverstripe-framework/commit/add2ecdf8bb977a0234cf773b578eae9872a0d28) Parameter tokens now redirect to correct url if mod_rewrite is off (Daniel Hensby)
* 2016-03-18 [57cfe3c](https://github.com/silverstripe-labs/silverstripe-reports/commit/57cfe3c66a5d67e88bbb1d4150329c6d4841f683) Bad joining of links in reports (Daniel Hensby)
* 2016-03-10 [bc31d9c](https://github.com/silverstripe/silverstripe-cms/commit/bc31d9ca9c667ba9015e35d5eae20158056a7b7c) Use `Controller::join_links()` in Reports (Daniel Hensby)
* 2016-03-08 [0364204](https://github.com/silverstripe/silverstripe-cms/commit/036420470da5def5c8e45c94601d3494273d476c) Incorrect title attribute on CMS tabs (Loz Calver)
* 2016-03-07 [aa57427](https://github.com/silverstripe/silverstripe-framework/commit/aa57427874f0115c2c188dfc821ba09bf467d241) Don't install imagick on php 5.3 (Damian Mooyman)
* 2016-03-07 [86b1c8f](https://github.com/silverstripe/silverstripe-framework/commit/86b1c8fc2849e8f65f473286a3b2d09f4b76eaf7) file sync removes folders with dot in name (Jonathon Menz)
* 2016-03-07 [6a22454](https://github.com/silverstripe/silverstripe-framework/commit/6a2245474d0d6c13d52a9a5104ac8ac3e8fd68a2) Fix FulltextsearchEnable (Damian Mooyman)
* 2016-03-01 [2079844](https://github.com/silverstripe/silverstripe-framework/commit/2079844647e8422e600cb7c820e624a0a108bd07) fixes "Uncaught ImagickException: Can not process empty Imagick object" when deleting an image (Ryan McLaren)
* 2016-03-01 [817b836](https://github.com/silverstripe/silverstripe-framework/commit/817b83687028894574ba5a8e8ee8f3af21f23188) getIP from behind a load-balancer that adds many IPs to the header (Daniel Hensby)
* 2016-02-26 [bd48d89](https://github.com/silverstripe/silverstripe-framework/commit/bd48d89642a259e0a4c93ab2a686bc45b2ac3bc4) undeclared constant issue (Daniel Hensby)
* 2016-02-26 [cc95703](https://github.com/silverstripe/silverstripe-framework/commit/cc95703b18187b3940f02380f8e5667d61345660) Fix regressions in missing CSRF on print button (Damian Mooyman)
* 2016-02-25 [3dc0d0e](https://github.com/silverstripe/silverstripe-framework/commit/3dc0d0ee89cba6b780c8770a94490c60a5b52745) Fix regression in gridfield get actions (Damian Mooyman)
* 2016-02-22 [65a0981](https://github.com/silverstripe/silverstripe-framework/commit/65a0981c0895bd92bcc020ef433b04e0de6ab05c) Correct behaviour of publish with $createNewVersion = true (Damian Mooyman)
* 2016-02-16 [644c807](https://github.com/silverstripe/silverstripe-cms/commit/644c8070311e82d35c39c6e1f0d37cc8aba53665) Use correct formaction for doRollback exemption #1378 (Andrew Aitken-Fincham)
* 2015-01-08 [adf0f10](https://github.com/silverstripe/silverstripe-framework/commit/adf0f102cc7a04cf8fcac8743801d48214118cad) Fixes CMS errors when viewing history on "Deleted" pages. (Russell Michell)

47
javascript/lang/bg.js Normal file

@ -0,0 +1,47 @@
// This file was generated by silverstripe/cow from javascript/lang/src/bg.js.
// See https://github.com/tractorcow/cow for details
if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
if(typeof(console) != 'undefined') console.error('Class ss.i18n not defined');
} else {
ss.i18n.addDictionary('bg', {
"VALIDATOR.FIELDREQUIRED": "Полето \"%s\" е задължително.",
"HASMANYFILEFIELD.UPLOADING": "Качване... %s",
"TABLEFIELD.DELETECONFIRMMESSAGE": "Да бъде ли изтрит този запис?",
"LOADING": "зареждане...",
"UNIQUEFIELD.SUGGESTED": "Стойността е променена '%s' : %s",
"UNIQUEFIELD.ENTERNEWVALUE": "Трябва да въведете валидна стойност в това поле",
"UNIQUEFIELD.CANNOTLEAVEEMPTY": "Полето не може да остане празно",
"RESTRICTEDTEXTFIELD.CHARCANTBEUSED": "Символът '%s' не може да бъде използван в това поле",
"UPDATEURL.CONFIRM": "Would you like me to change the URL to:\n\n%s/\n\nClick Ok to change the URL, click Cancel to leave it as:\n\n%s",
"UPDATEURL.CONFIRMURLCHANGED": "URL адресът беше сменен на\n'%s'",
"FILEIFRAMEFIELD.DELETEFILE": "Изтрий файла",
"FILEIFRAMEFIELD.UNATTACHFILE": "Премахни файла",
"FILEIFRAMEFIELD.DELETEIMAGE": "Изтрий снимката",
"FILEIFRAMEFIELD.CONFIRMDELETE": "Да бъде ли изтрит този файл?",
"LeftAndMain.IncompatBrowserWarning": "Your browser is not compatible with the CMS interface. Please use Internet Explorer 7+, Google Chrome 10+ or Mozilla Firefox 3.5+.",
"GRIDFIELD.ERRORINTRANSACTION": "Възникна грешка при извличане на данни от сървъра\n Опитайте отново по-късно.",
"HtmlEditorField.SelectAnchor": "Select an anchor",
"UploadField.ConfirmDelete": "Този файл ще бъде изтрит от сървъра. Сигурни ли сте?",
"UploadField.PHP_MAXFILESIZE": "Големината на файла надхвърля upload_max_filesize (php.ini директивата)",
"UploadField.HTML_MAXFILESIZE": "Големината на файла надхвърле MAX_FILE_SIZE (директива на HTML формата)",
"UploadField.ONLYPARTIALUPLOADED": "Файлът беше качен частично",
"UploadField.NOFILEUPLOADED": "Файлът не беше качен",
"UploadField.NOTMPFOLDER": "Липсва временна папка",
"UploadField.WRITEFAILED": "Файлът не можа да бъде записан",
"UploadField.STOPEDBYEXTENSION": "File upload stopped by extension",
"UploadField.TOOLARGE": "Много голям файл",
"UploadField.TOOSMALL": "Файлът е много малък",
"UploadField.INVALIDEXTENSION": "Това разширение не е разрешено",
"UploadField.MAXNUMBEROFFILESSIMPLE": "Максималния брой файлове е надхвърлен",
"UploadField.UPLOADEDBYTES": "Uploaded bytes exceed file size",
"UploadField.EMPTYRESULT": "Empty file upload result",
"UploadField.LOADING": "Зареждане ...",
"UploadField.Editing": "Редактиране ...",
"UploadField.Uploaded": "Качен",
"UploadField.OVERWRITEWARNING": "Вече съществува файл с това име",
"TreeDropdownField.ENTERTOSEARCH": "Натисни Enter за търсена",
"TreeDropdownField.OpenLink": "Отвори",
"TreeDropdownField.FieldTitle": "Избери",
"TreeDropdownField.SearchFieldTitle": "Избери или Търси"
});
}

41
javascript/lang/src/bg.js Normal file

@ -0,0 +1,41 @@
{
"VALIDATOR.FIELDREQUIRED": "Полето \"%s\" е задължително.",
"HASMANYFILEFIELD.UPLOADING": "Качване... %s",
"TABLEFIELD.DELETECONFIRMMESSAGE": "Да бъде ли изтрит този запис?",
"LOADING": "зареждане...",
"UNIQUEFIELD.SUGGESTED": "Стойността е променена '%s' : %s",
"UNIQUEFIELD.ENTERNEWVALUE": "Трябва да въведете валидна стойност в това поле",
"UNIQUEFIELD.CANNOTLEAVEEMPTY": "Полето не може да остане празно",
"RESTRICTEDTEXTFIELD.CHARCANTBEUSED": "Символът '%s' не може да бъде използван в това поле",
"UPDATEURL.CONFIRM": "Would you like me to change the URL to:\n\n%s/\n\nClick Ok to change the URL, click Cancel to leave it as:\n\n%s",
"UPDATEURL.CONFIRMURLCHANGED": "URL адресът беше сменен на\n'%s'",
"FILEIFRAMEFIELD.DELETEFILE": "Изтрий файла",
"FILEIFRAMEFIELD.UNATTACHFILE": "Премахни файла",
"FILEIFRAMEFIELD.DELETEIMAGE": "Изтрий снимката",
"FILEIFRAMEFIELD.CONFIRMDELETE": "Да бъде ли изтрит този файл?",
"LeftAndMain.IncompatBrowserWarning": "Your browser is not compatible with the CMS interface. Please use Internet Explorer 7+, Google Chrome 10+ or Mozilla Firefox 3.5+.",
"GRIDFIELD.ERRORINTRANSACTION": "Възникна грешка при извличане на данни от сървъра\n Опитайте отново по-късно.",
"HtmlEditorField.SelectAnchor": "Select an anchor",
"UploadField.ConfirmDelete": "Този файл ще бъде изтрит от сървъра. Сигурни ли сте?",
"UploadField.PHP_MAXFILESIZE": "Големината на файла надхвърля upload_max_filesize (php.ini директивата)",
"UploadField.HTML_MAXFILESIZE": "Големината на файла надхвърле MAX_FILE_SIZE (директива на HTML формата)",
"UploadField.ONLYPARTIALUPLOADED": "Файлът беше качен частично",
"UploadField.NOFILEUPLOADED": "Файлът не беше качен",
"UploadField.NOTMPFOLDER": "Липсва временна папка",
"UploadField.WRITEFAILED": "Файлът не можа да бъде записан",
"UploadField.STOPEDBYEXTENSION": "File upload stopped by extension",
"UploadField.TOOLARGE": "Много голям файл",
"UploadField.TOOSMALL": "Файлът е много малък",
"UploadField.INVALIDEXTENSION": "Това разширение не е разрешено",
"UploadField.MAXNUMBEROFFILESSIMPLE": "Максималния брой файлове е надхвърлен",
"UploadField.UPLOADEDBYTES": "Uploaded bytes exceed file size",
"UploadField.EMPTYRESULT": "Empty file upload result",
"UploadField.LOADING": "Зареждане ...",
"UploadField.Editing": "Редактиране ...",
"UploadField.Uploaded": "Качен",
"UploadField.OVERWRITEWARNING": "Вече съществува файл с това име",
"TreeDropdownField.ENTERTOSEARCH": "Натисни Enter за търсена",
"TreeDropdownField.OpenLink": "Отвори",
"TreeDropdownField.FieldTitle": "Избери",
"TreeDropdownField.SearchFieldTitle": "Избери или Търси"
}


@ -1,25 +1,36 @@
bg:
AssetAdmin:
ALLOWEDEXTS: 'Позволени разширения на файловете за качване'
HIDEALLOWEDEXTS: 'Скрий позволените разширения'
NEWFOLDER: НоваПапка
SHOWALLOWEDEXTS: 'Покажи позволените разширения'
AssetTableField:
CREATED: 'Създаден'
DIM: Размери
FILENAME: Име на файл
FOLDER: Папка
HEIGHT: Височина
LASTEDIT: 'Последна промяна'
OWNER: Собственик
SIZE: 'Големина на файла'
TITLE: Заглавие
TYPE: 'Тип на файла'
URL: URL
WIDTH: Широчина
AssetUploadField:
ChooseFiles: 'Избери файлове'
DRAGFILESHERE: 'Завлечете файловете тук'
DROPAREA: 'Зона за пускане'
EDITALL: 'Редакция на всички'
EDITANDORGANIZE: 'Редактиране и подреждане'
EDITINFO: 'Редактиране на файлове'
FILES: Файлове
FROMCOMPUTER: 'Избери файлове от компютъра'
FROMCOMPUTERINFO: 'Качи от компютъра'
INSERTURL: 'Въведи URL на файла'
REMOVEINFO: 'Премахни файла от това поле'
TOTAL: Общо
TOUPLOAD: 'Избери файлове за качване...'
UPLOADINPROGRESS: 'Моля, изчакайте... файловете се качват'
UPLOADOR: ИЛИ
BBCodeParser:
@ -53,19 +64,40 @@ bg:
ENTERINFO: 'Моля, въведете потребителско име и парола.'
ERRORNOTADMIN: 'Този потребител не е администратор.'
ERRORNOTREC: 'Това потребителско име / парола не е разпознато'
Boolean:
ANY: Всички
NOANSWER: 'Не'
YESANSWER: 'Да'
CMSLoadingScreen_ss:
LOADING: Зареждане ...
REQUIREJS: 'Необходимо е да активирате JavaScript.'
CMSMain:
ACCESS: 'Достъп до секция ''{title}'''
ACCESSALLINTERFACES: 'Достъп до всички секции на CMS'
SAVE: Запис
CMSMemberLoginForm:
BUTTONFORGOTPASSWORD: 'Забравена парола?'
BUTTONLOGIN: 'Влез обратно'
BUTTONLOGOUT: 'Изход'
CMSPageHistoryController_versions_ss:
PREVIEW: 'Преглед на сайта'
CMSPagesController_Tools_ss:
FILTER: Филтър
CMSProfileController:
MENUTITLE: 'Моят профил'
CMSSecurity:
SUCCESS: Успешно
TimedOutTitleAnonymous: 'Вашата сесия е изтекла.'
TimedOutTitleMember: 'Здравей {name}!<br />Твоята сесия е изтекла.'
ChangePasswordEmail_ss:
CHANGEPASSWORDTEXT1: 'Вие сменихте вашата парола за'
CHANGEPASSWORDTEXT2: 'Вече можете да ползвате следните данни за вход:'
EMAIL: Ел. поща
HELLO: Здравей!
PASSWORD: Парола
CheckboxField:
NOANSWER: 'Не'
YESANSWER: 'Да'
ConfirmedPasswordField:
ATLEAST: 'Паролата трябва да е дълга мин. {min} символа.'
BETWEEN: 'Паролата трябва да е дълга от {min} до {max} символа.'
@ -80,18 +112,34 @@ bg:
PLURALNAME: 'Обекти с данни'
SINGULARNAME: 'Обект с данни'
Date:
DAY: ден
DAYS: дни
HOUR: час
HOURS: часа
LessThanMinuteAgo: 'по-малко от минута'
MIN: минута
MINS: минути
MONTH: месец
MONTHS: месеци
SEC: секунда
SECS: секунди
TIMEDIFFAGO: 'преди {difference}'
TIMEDIFFIN: 'за {difference}'
YEAR: година
YEARS: години
DateField:
NOTSET: 'Не нагласено'
NOTSET: 'не е зададена'
TODAY: днес
VALIDDATEFORMAT2: 'Моля, въведете валиден формат за дата ({format})'
VALIDDATEMAXDATE: 'Датата трябва да бъде същата или преди ({date})'
VALIDDATEMINDATE: 'Датата трябва да бъде същата или след ({date})'
DatetimeField:
NOTSET: 'не е зададена'
Director:
INVALID_REQUEST: 'Грешна заявка'
DropdownField:
CHOOSE: (Избери)
CHOOSESEARCH: '(Избери или Търси)'
EmailField:
VALIDATION: 'Моля, въведете имейл адрес'
Enum:


@ -1,5 +1,7 @@
eo:
AssetAdmin:
ALLOWEDEXTS: 'Permesitaj alŝutaj dosieraj sufiksoj'
HIDEALLOWEDEXTS: 'Kaŝi permesitajn sufiksojn'
NEWFOLDER: Nova dosierujo
SHOWALLOWEDEXTS: 'Vidigi permesitajn sufiksojn'
AssetTableField:
@ -7,12 +9,14 @@ eo:
DIM: Dimensioj
FILENAME: Nomo de dosiero
FOLDER: Dosierujo
HEIGHT: Alto
LASTEDIT: 'Laste ŝanĝita'
OWNER: Posedanto
SIZE: 'Grando'
TITLE: Titolo
TYPE: 'Tipo'
URL: URL
WIDTH: Larĝo
AssetUploadField:
ChooseFiles: 'Elekti dosierojn'
DRAGFILESHERE: 'Ŝovi dosieron ĉi tien'
@ -23,7 +27,10 @@ eo:
FILES: Dosieroj
FROMCOMPUTER: 'Elekti dosierojn el via komputilo'
FROMCOMPUTERINFO: 'Alŝuti el via komputilo'
INSERTURL: 'Enigi el URL'
REMOVEINFO: 'Forigi ĉi tiun dosieron el ĉi tiu kampo'
TOTAL: Totalo
TOUPLOAD: 'Elekti dosierojn alŝutotajn...'
UPLOADINPROGRESS: 'Bonvolu atendi...alŝuto daŭras'
UPLOADOR:
BBCodeParser:
@ -146,6 +153,7 @@ eo:
INVALID_REQUEST: 'Malvalida peto'
DropdownField:
CHOOSE: (Elekti)
CHOOSESEARCH: '(Elekti aŭ serĉi)'
SOURCE_VALIDATION: 'Bonvolu elekti valoron el la listo donita. {value} ne estas valida agordo'
EmailField:
VALIDATION: 'Bonvolu enigi readreson'
@ -299,6 +307,7 @@ eo:
IMAGETITLETEXT: 'Teksto de titolo (ŝpruchelpilo)'
IMAGETITLETEXTDESC: 'Por plua informo pri la bildo'
IMAGEWIDTHPX: Larĝo
INSERTMEDIA: 'Enigi registraĵojn'
LINK: 'Ligilo'
LINKANCHOR: 'Ankri al ĉi tiu paĝo'
LINKDESCR: 'Ligila priskribo'
@ -311,7 +320,9 @@ eo:
PAGE: Paĝo
SUBJECT: 'Temo de retpoŝto'
URL: URL
URLDESCRIPTION: 'Enigu videojn kaj bildojn el la TTT en vian paĝon simple enigante la URL de la dosiero. Certigu ke vi havas permesojn antaŭ ol kunhavigi registraĵojn rekte el la TTT.<br /><br />Bonvolu noti ke dosieroj ne aldoniĝas al la konservejo de dosieroj de la CMS sed dosieroj enkorpiĝas el ties origina loko. Se ial la dosiero ne plu haveblas en ĝia origina loko, ĝi ne plu estos videbla en ĉi tiu paĝo.'
URLNOTANOEMBEDRESOURCE: 'La URL ''{url}'' ne estas konvertebla al memorilo.'
UpdateMEDIA: 'Ĝisdatigi registraĵojn'
Image:
PLURALNAME: Dosieroj
SINGULARNAME: Dosiero


@ -181,7 +181,7 @@ fi:
NOVALIDUPLOAD: 'Tiedosto ei ole kelvollinen ladattavaksi'
Name: Nimi
PLURALNAME: Tiedostot
PdfType: 'Adobe Acrobat PDF -tiedosto'
PdfType: 'Adobe Acrobat PDF-tiedosto'
PngType: 'PNG-kuva - hyvä yleinen muoto'
SINGULARNAME: Tiedosto
TOOLARGE: 'Tiedostokoko on liian suuri: maks. sallittu koko on {size}'
@ -257,7 +257,7 @@ fi:
DefaultGroupTitleContentAuthors: 'Sisällöntuottajat'
Description: Kuvaus
GroupReminder: 'Valitessasi isäntäryhmän roolit periytyvät tähän ryhmään'
HierarchyPermsError: 'Isäntä ryhmään ei voitu asettaa "%s" annettuja oikeuksia (vaaditaan JÄRJESTELMÄNVALVOJAN oikeudet)'
HierarchyPermsError: 'Isäntäryhmään ei voitu asettaa "%s" annettuja oikeuksia (vaaditaan JÄRJESTELMÄNVALVOJAN oikeudet)'
Locked: 'Lukittu?'
NoRoles: 'Rooleja ei löytynyt'
PLURALNAME: Ryhmät
@ -301,8 +301,6 @@ fi:
FROMWEB: 'Webistä'
FindInFolder: 'Etsi kansiosta'
IMAGEALT: 'Vaihtoehtoinen teksti (alt)'
IMAGEALTTEXT: 'Vaihtoehtoinen teksti (alt) - näytetään jos kuvaa ei voida näyttää'
IMAGEALTTEXTDESC: 'Näytetään ruudunlukuohjelmille tai jos kuvia ei voi näyttää'
IMAGEDIMENSIONS: Mitat
IMAGEHEIGHTPX: Korkeus
IMAGETITLE: 'Otsikko (tooltip) - kuvan lisätietoja varten'
@ -336,13 +334,10 @@ fi:
LeftAndMain:
CANT_REORGANISE: 'Sinulla ei ole oikeuksia mennä ylemmän tason sivuille. Muutoksiasi ei tallennettu.'
DELETED: Poistettu.
DropdownBatchActionsDefault: 'Valitse toiminto...'
HELP: Ohje
PAGETYPE: 'Sivutyyppi'
PERMAGAIN: 'Olet kirjautunut ulos CMS:stä. Jos haluat kirjautua uudelleen sisään, syötä käyttäjätunnuksesi ja salasanasi alla.'
PERMALREADY: 'Pahoittelut, mutta et pääse tähän osaan CMS:ää. Jos haluat kirjautua jonain muuna, voit tehdä sen alta.'
PERMDEFAULT: 'Sinun tulee olla kirjautuneena ylläpito-osioon; syötä tunnuksesi kenttiin.'
PLEASESAVE: 'Tallenna sivu: tätä sivua ei voitu päivittää, koska sitä ei ole vielä tallennettu.'
PreviewButton: Esikatselu
REORGANISATIONSUCCESSFUL: 'Hakemistopuu uudelleenjärjestettiin onnistuneesti.'
SAVEDUP: Tallennettu.


@ -79,6 +79,7 @@ hr:
TEXT2: 'link za resetiranje lozinke'
TEXT3: za
Form:
SubmitBtnLabel: Kreni
VALIDATIONNOTUNIQUE: 'Unešena vrijednost nije unikatna'
VALIDATIONPASSWORDSDONTMATCH: 'Lozinke se ne slažu'
VALIDATIONPASSWORDSNOTEMPTY: 'Lozinke moraju imati najmanje jedan broj i jedan alfanumerički znak'


@ -318,9 +318,7 @@ it:
PAGE: Pagina
SUBJECT: 'Oggetto email'
URL: URL
URLDESCRIPTION: 'Inserisci video e immagini dal Web nella tua pagina semplicemente inserendo l''URL del file.
Si sicuro di avere i diritti o i permessi prima di condividere media direttamente dal Web.<br /><br />NB : i file non sono aggiunti allo storage file del CMS, ma incorpora il file dalla sua location principale, se per un qualsiasi motivo il file non e'' più raggiungibile nella sua location principale, non sara'' più visibile su questa pagina.'
URLDESCRIPTION: 'Inserisci video e immagini dal Web nella tua pagina semplicemente inserendo l''URL del file. Si sicuro di avere i diritti o i permessi prima di condividere media direttamente dal Web.<br /><br />NB : i file non sono aggiunti allo storage file del CMS, ma incorpora il file dalla sua location principale, se per un qualsiasi motivo il file non e'' più raggiungibile nella sua location principale, non sara'' più visibile su questa pagina.'
URLNOTANOEMBEDRESOURCE: 'L''URL ''{url}'' non può essere convertito in una risorsa media.'
UpdateMEDIA: 'Aggiorna Media'
Image:


@ -1,18 +1,22 @@
nl:
AssetAdmin:
ALLOWEDEXTS: 'Toegestane extensies'
HIDEALLOWEDEXTS: 'Verberg toegestane extensies'
NEWFOLDER: Nieuwe map
SHOWALLOWEDEXTS: 'Toon toegestane extensies'
AssetTableField:
CREATED: 'Eerste upload'
DIM: Dimensies
DIM: Afmetingen
FILENAME: Bestandsnaam
FOLDER: Map
HEIGHT: Hoogte
LASTEDIT: 'Laatste wijziging'
OWNER: Eigenaar
SIZE: 'Grootte'
TITLE: Titel
TYPE: 'Type'
URL: URL
WIDTH: Breedte
AssetUploadField:
ChooseFiles: 'Selecteer bestand'
DRAGFILESHERE: 'Sleep bestanden hierheen'
@ -23,7 +27,10 @@ nl:
FILES: Bestanden
FROMCOMPUTER: 'Selecteer bestanden op uw computer'
FROMCOMPUTERINFO: 'Uploaden vanaf uw computer'
INSERTURL: 'Voeg toe van URL'
REMOVEINFO: 'Verwijder bestand van dit veld'
TOTAL: Totaal
TOUPLOAD: 'Selecteer bestanden voor upload'
UPLOADINPROGRESS: 'Een ogenblik geduld... upload wordt uitgevoerd'
UPLOADOR: OF
BBCodeParser:
@ -59,6 +66,8 @@ nl:
ERRORNOTREC: 'De gebruikersnaam en/of het wachtwoord wordt niet herkend'
Boolean:
ANY: Elke
NOANSWER: 'Nee'
YESANSWER: 'Ja'
CMSLoadingScreen_ss:
LOADING: Laden...
REQUIREJS: 'Het CMS vereist dat JavaScript ingeschakeld is.'
@ -67,22 +76,44 @@ nl:
ACCESSALLINTERFACES: 'Toegang tot alle CMS onderdelen'
ACCESSALLINTERFACESHELP: 'Overstemt meer specifieke toegangsinstellingen'
SAVE: Bewaar
CMSMemberLoginForm:
BUTTONFORGOTPASSWORD: 'Wachtwoord vergeten?'
BUTTONLOGIN: 'Opnieuw inloggen'
BUTTONLOGOUT: 'Uitloggen'
PASSWORDEXPIRED: '<p>Je wachtwoord is verlopen. <a target="_top" href="{link}">Kies een nieuw wachtwoord.</a></p>'
CMSPageHistoryController_versions_ss:
PREVIEW: 'Website voorbeeld'
CMSPagesController_Tools_ss:
FILTER: Filter
CMSProfileController:
MENUTITLE: 'Mijn Profiel'
CMSSecurity:
INVALIDUSER: '<p>Ongeldige gebruiker <a target="_top" href="{link}">Log hier opnieuw in</a> om verder te gaan.</p>'
LoginMessage: '<p>Je kunt verder met wat je aan het doen was, door opnieuw in te loggen.</p>'
SUCCESS: Succes
SUCCESSCONTENT: '<p>Je bent ingelogd. <a target="_top" href="{link}">Klik hier</a> als je niet automatisch wordt doorgestuurd.</p>'
TimedOutTitleAnonymous: 'Sessie is verlopen'
TimedOutTitleMember: 'Hallo {name}!<br />Je sessie is verlopen.'
ChangePasswordEmail_ss:
CHANGEPASSWORDTEXT1: 'U heeft het wachtwoord veranderd voor'
CHANGEPASSWORDTEXT2: 'U kunt nu onderstaande gegevens gebruiken om in te loggen:'
EMAIL: E-mail
HELLO: Hallo
PASSWORD: Wachtwoord
CheckboxField:
NOANSWER: 'Nee'
YESANSWER: 'Ja'
CheckboxFieldSetField:
SOURCE_VALIDATION: 'Selecteer een optie uit de lijst. {value} is geen geldige keuze.'
CheckboxSetField:
SOURCE_VALIDATION: 'Selecteer een optie uit de lijst. ''{value}'' is geen geldige keuze.'
ConfirmedPasswordField:
ATLEAST: 'Een wachtwoord moet tenminste {min} karakters hebben.'
BETWEEN: 'Een wachtwoord moet tussen de {min} en {max} karakters hebben'
MAXIMUM: 'Een wachtwoord mag maximaal {max} karakters hebben.'
SHOWONCLICKTITLE: 'Verander wachtwoord'
ContentController:
DRAFT_SITE_ACCESS_RESTRICTION: 'Je moet inloggen met je CMS wachtwoord om die inhoud te kunnen zien. <a href="%s">Klik hier</a> om terug te keren naar de gepubliceerde site.'
NOTLOGGEDIN: 'Niet ingelogd'
CreditCardField:
FIRST: eerste
@ -122,6 +153,8 @@ nl:
INVALID_REQUEST: 'Fout bij verwerken'
DropdownField:
CHOOSE: (Kies)
CHOOSESEARCH: '(Kies of zoek)'
SOURCE_VALIDATION: 'Selecteer een optie uit de lijst. {value} is geen geldige keuze.'
EmailField:
VALIDATION: 'Gelieve een e-mailadres in te voeren.'
Enum:
@ -170,6 +203,7 @@ nl:
TEXT3: voor
Form:
CSRF_EXPIRED_MESSAGE: 'Uw sessie is verlopen. Verzend het formulier opnieuw.'
CSRF_FAILED_MESSAGE: 'Er lijkt een technisch probleem te zijn. Klik op de knop terug, vernieuw uw browser, en probeer het opnieuw.'
FIELDISREQUIRED: '{name} is verplicht'
SubmitBtnLabel: Versturen
VALIDATIONCREDITNUMBER: 'Gelieve uw credit card number {number} juist in te vullen'
@ -243,6 +277,8 @@ nl:
HtmlEditorField:
ADDURL: 'Voeg URL toe'
ADJUSTDETAILSDIMENSIONS: 'Details en afmetingen'
ANCHORSCANNOTACCESSPAGE: 'Je bent niet gemachtigd om de opgevraagde pagina te bekijken.'
ANCHORSPAGENOTFOUND: 'Pagina niet gevonden.'
ANCHORVALUE: Anker
BUTTONADDURL: 'Voeg URL toe'
BUTTONINSERT: Invoegen
@ -270,6 +306,7 @@ nl:
IMAGETITLETEXT: 'Tooltip (title)'
IMAGETITLETEXTDESC: 'Toon extra informatie over de afbeelding'
IMAGEWIDTHPX: Breedte
INSERTMEDIA: 'Voeg media in'
LINK: 'Link invoegen'
LINKANCHOR: 'Anker op deze pagina'
LINKDESCR: 'Linkomschrijving'
@ -280,8 +317,10 @@ nl:
LINKOPENNEWWIN: 'Link in een nieuw venster openen?'
LINKTO: 'Verwijs naar'
PAGE: Pagina
SUBJECT: 'Email onderwerp'
URL: URL
URLNOTANOEMBEDRESOURCE: '{url} kon niet worden omgezet in een media-bron.'
UpdateMEDIA: 'Media bijwerken'
Image:
PLURALNAME: Bestanden
SINGULARNAME: Bestand
@ -293,17 +332,23 @@ nl:
LeftAndMain:
CANT_REORGANISE: 'U hebt geen rechten om de pagina''s op het Top niveau aan te passen. Uw aanpassing is niet opgeslagen. '
DELETED: Verwijderd.
DropdownBatchActionsDefault: Acties
HELP: Help
PERMAGAIN: 'U bent uitgelogd uit het CMS. Als u weer wilt inloggen vul dan uw gebruikersnaam en wachtwoord hieronder in.'
PERMALREADY: 'Helaas, je hebt geen toegang tot dat deel van het CMS. Hieronder kun je inloggen als iemand anders.'
PERMDEFAULT: 'Je moet ingelogd zijn, om dit deel van de website te bekijken. Vul hieronder je inlog gegevens in.'
PreviewButton: Voorbeeld
REORGANISATIONSUCCESSFUL: 'Menu-indeling is aangepast'
SAVEDUP: Opgeslagen.
ShowAsList: 'laat als lijst zien'
TooManyPages: 'Te veel pagina''s'
ValidationError: 'Validatiefout'
VersionUnknown: onbekend
LeftAndMain_Menu_ss:
Hello: Hallo
LOGOUT: 'Uitloggen'
ListboxField:
SOURCE_VALIDATION: 'Selecteer een optie uit de lijst. %s is geen geldige keuze.'
LoginAttempt:
Email: 'E-mailadres '
IP: 'IP adres'
@ -336,6 +381,7 @@ nl:
NEWPASSWORD: 'Nieuw wachtwoord'
NoPassword: 'Er is geen wachtwoord voor deze gebruiker.'
PASSWORD: Wachtwoord
PASSWORDEXPIRED: 'Je wachtwoord is verlopen. Kies een nieuw wachtwoord.'
PLURALNAME: Leden
REMEMBERME: 'Wachtwoord onthouden voor de volgende keer?'
SINGULARNAME: Lid
@ -441,6 +487,7 @@ nl:
SINGULARNAME: Rol
Title: Titel
PermissionRoleCode:
PLURALNAME: 'Permissie codes'
PermsError: 'U moet (ADMIN) rechten hebben om de code "%s" toe te kennen'
SINGULARNAME: 'Machtigingen rol code'
Permissions:
@ -506,6 +553,8 @@ nl:
Print: Afdrukken
TableListField_PageControls_ss:
OF: van
TextField:
VALIDATEMAXLENGTH: 'De waarde voor {name} mag niet langer zijn dan {maxLength} tekens.'
TimeField:
VALIDATEFORMAT: 'Vul een geldig datumformaat in ({format})'
ToggleField:


@ -301,8 +301,6 @@ sk:
FROMWEB: 'Z webu'
FindInFolder: 'Vyhľadať v priečinku'
IMAGEALT: 'Atlernatívny text (alt)'
IMAGEALTTEXT: 'Atlernatívny text (alt) - sa zobrazí, ak nemôže byť obrázok zobrazený'
IMAGEALTTEXTDESC: 'Zobrazí sa na obrazovke, alebo ak obrázok nemôže byť zobrazený'
IMAGEDIMENSIONS: Rozmery
IMAGEHEIGHTPX: Výška
IMAGETITLE: 'Text titulky (tooltip) - pre doplňujúce informácie o obrázku'
@ -337,11 +335,9 @@ sk:
CANT_REORGANISE: 'Nemáte oprávnenie meniť stránky najvyššej úrovne. Vaša zmena nebola uložená.'
DELETED: Zmazané.
HELP: Pomoc
PAGETYPE: 'Typ stránky:'
PERMAGAIN: 'Boli ste odhlásený'
PERMALREADY: 'Je nám ľúto, ale k tejto časti CMS nemáte prístup . Ak sa chcete prihlásiť ako niekto iný, urobte tak nižšie.'
PERMDEFAULT: 'Musíte byť prihlásený/á k prístupu do oblasti administrácie, zadajte vaše prihlasovacie údaje dole, prosím.'
PLEASESAVE: 'Prosím uložte stránku: Táto stránka nemôže byť aktualizovaná, lebo ešte nebola uložená.'
PreviewButton: Náhľad
REORGANISATIONSUCCESSFUL: 'Strom webu bol reorganizovaný úspešne.'
SAVEDUP: Uložené.


@ -195,9 +195,16 @@ PHP
// Get redirect url
$controller = $this->getResponseController(_t('CMSSecurity.SUCCESS', 'Success'));
$backURL = $this->getRequest()->requestVar('BackURL')
?: Session::get('BackURL')
?: Director::absoluteURL(AdminRootController::config()->url_base, true);
$backURLs = array(
$this->getRequest()->requestVar('BackURL'),
Session::get('BackURL'),
Director::absoluteURL(AdminRootController::config()->url_base, true),
);
foreach ($backURLs as $backURL) {
if ($backURL && Director::is_site_url($backURL)) {
break;
}
}
// Show login
$controller = $controller->customise(array(
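Review bot: The redirect target is read from the loop variable after the `foreach`, so it is safe only because the trusted admin URL happens to be the last element of `$backURLs`: if neither `BackURL` candidate passes `Director::is_site_url()`, `$backURL` simply keeps the last value iterated. Reordering or appending to the array later would let an unvalidated value reach the redirect without any visible change to the check. Making the fallback explicit, by starting from the admin URL and overwriting it only with a candidate that passed the check, keeps the open-redirect guard independent of array order. The enclosing method starts and ends outside this hunk, so how `$backURL` is consumed afterwards is not visible here.

```php
// Get redirect url
// … unchanged: $controller = $this->getResponseController(...) …
$backURL = Director::absoluteURL(AdminRootController::config()->url_base, true);
$candidates = array(
    $this->getRequest()->requestVar('BackURL'),
    Session::get('BackURL'),
);
foreach ($candidates as $candidate) {
    // Only a same-site target may replace the default admin URL
    if ($candidate && Director::is_site_url($candidate)) {
        $backURL = $candidate;
        break;
    }
}
```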


@ -10,11 +10,6 @@
* @subpackage security
*/
abstract class LoginForm extends Form {
public function __construct($controller, $name, $fields, $actions) {
parent::__construct($controller, $name, $fields, $actions);
$this->disableSecurityToken();
}
/**
* Authenticator class to use with this login form


@ -368,7 +368,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Returns true if this user is locked out
*/
public function isLockedOut() {
return $this->LockedOutUntil && time() < strtotime($this->LockedOutUntil);
return $this->LockedOutUntil && SS_Datetime::now()->Format('U') < strtotime($this->LockedOutUntil);
}
/**
@ -1607,7 +1607,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
$lockoutMins = self::config()->lock_out_delay_mins;
$this->LockedOutUntil = date('Y-m-d H:i:s', time() + $lockoutMins*60);
$this->LockedOutUntil = date('Y-m-d H:i:s', SS_Datetime::now()->Format('U') + $lockoutMins*60);
$this->FailedLoginCount = 0;
}
}
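Review bot: Both rewritten lines rely on implicit numeric conversion: `SS_Datetime::now()->Format('U')` presumably returns a string, which is compared with `strtotime(...)` in `isLockedOut()` and added to `$lockoutMins*60` in the second hunk. An explicit cast, `(int) SS_Datetime::now()->Format('U')`, would make both the comparison and the arithmetic plain integer operations. In `isLockedOut()` it is also worth handling a `LockedOutUntil` value that `strtotime()` cannot parse, since it then returns `false` and the comparison reports the account as not locked; that behaviour predates this change but the new line keeps it. The docblock on `isLockedOut()` could add `Uses SS_Datetime::now() so the lockout window follows a mocked clock.` The method around the second hunk starts outside the hunk.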


@ -51,8 +51,11 @@ class MemberAuthenticator extends Authenticator {
if($asDefaultAdmin) {
// If logging is as default admin, ensure record is setup correctly
$member = Member::default_admin();
$success = Security::check_default_admin($email, $data['Password']);
if($success) return $member;
$success = !$member->isLockedOut() && Security::check_default_admin($email, $data['Password']);
//protect against failed login
if($success) {
return $member;
}
}
// Attempt to identify user by email
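Review bot: The added comment `//protect against failed login` does not say what the new condition enforces. Something like `// Reject the default admin while the account is locked out; the password is not checked in that case` would document that `!$member->isLockedOut()` short-circuits before `Security::check_default_admin()` runs. When the default admin is locked out, execution falls through to the email lookup below, which lies outside this hunk, so it cannot be confirmed from here that a locked-out default admin gets the same response and failed-attempt recording as any other member. The hunk also calls `isLockedOut()` on the result of `Member::default_admin()` without a null check; if that method can return null in some setups, a guard is needed.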


@ -164,4 +164,22 @@ class MemberAuthenticatorTest extends SapphireTest {
$this->assertEquals('The provided details don&#039;t seem to be correct. Please try again.', $form->Message());
$this->assertEquals('bad', $form->MessageType());
}
public function testDefaultAdminLockOut()
{
Config::inst()->update('Member', 'lock_out_after_incorrect_logins', 1);
Config::inst()->update('Member', 'lock_out_delay_mins', 10);
SS_Datetime::set_mock_now('2016-04-18 00:00:00');
$controller = new Security();
$form = new Form($controller, 'Form', new FieldList(), new FieldList());
// Test correct login
MemberAuthenticator::authenticate(array(
'Email' => 'admin',
'Password' => 'wrongpassword'
), $form);
$this->assertTrue(Member::default_admin()->isLockedOut());
$this->assertEquals(Member::default_admin()->LockedOutUntil, '2016-04-18 00:10:00');
}
}
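Review bot: `testDefaultAdminLockOut()` asserts that the default admin ends up locked out, but it never exercises the new `!$member->isLockedOut()` guard in `MemberAuthenticator`. A second `authenticate()` call with the valid default-admin password, asserting that no member is returned while the lockout is active, would pin the behaviour this commit is meant to fix. The comment `// Test correct login` sits above a call that sends `'wrongpassword'` and should read `// Test incorrect login`. The mocked time is not reset in the visible code, so unless `tearDown()` does so elsewhere, `SS_Datetime::clear_mock_now();` belongs at the end of the test. The last assertion also passes the actual value first; `assertEquals('2016-04-18 00:10:00', Member::default_admin()->LockedOutUntil)` gives correct failure messages.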